[CentOS] Kerberos + NFSv4 difficulties

Miguel Di Ciurcio Filho miguel at ic.unicamp.br
Thu Dec 3 11:37:01 UTC 2009

Dan Burkland wrote:
> d.       SECURE_NFS = "yes"

Uncomment these lines for much more verbose logging in 


> a.       Dec  2 12:16:51 nfs rpc.svcgssd[6018]: ERROR: GSS-API: error in 
> gss_acquire_cred(): Unspecified GSS failure.  Minor code may provide 
> more information - No principal in keytab matches desired name
> b.       Dec  2 12:16:51 nfs rpc.svcgssd[6018]: Unable to obtain 
> credentials for 'nfs'
> c.       Dec  2 12:16:51 nfs rpc.svcgssd[6018]: unable to obtain root 
> (machine) credentials
> d.       Dec  2 12:16:51 nfs rpc.svcgssd[6018]: do you have a keytab 
> entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?

Double check your /etc/krb5.keytab. On the server it must have the 
nfs/server.exemple.net key and on the client it must have 

In idmapd.conf, leave it as the default:

[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch

Believe me, I've tried to understand[1] why Domain must be "localdomain" 
but I've not been lucky.



[1] http://linux-nfs.org/pipermail/nfsv4/2009-September/011369.html
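
An added example, not part of the original message: the keytab check suggested above can be scripted. The function below reads `klist -k` output and reports whether the exact nfs/<fqdn>@<REALM> principal that rpc.svcgssd asks for is present, separating a wrong-case or short-hostname entry from a missing one. The host name, realm and sample keytab listing are constructed assumptions.

```shell
#!/bin/sh
# Added example: does the keytab hold the nfs/<fqdn>@<REALM> principal that
# rpc.svcgssd is looking for? Kerberos principal names are case-sensitive,
# so a near-miss entry still produces "No principal in keytab matches".

# Constructed sample of `klist -k /etc/krb5.keytab` output (not from the post).
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/server.example.net@EXAMPLE.NET
   3 nfs/server@EXAMPLE.NET
   2 nfs/Server.Example.Net@EXAMPLE.NET'

# check_nfs_principal <fqdn> <realm>      (klist -k output on stdin)
# Prints one diagnostic line; returns 0 only when the exact principal exists.
check_nfs_principal() {
    awk -v want="nfs/$1@$2" -v fqdn="$1" '
        # Entry lines look like: "<kvno> <principal>"
        $1 ~ /^[0-9]+$/ && $2 ~ /^nfs\// {
            if ($2 == want) {
                exact = 1
            } else if (tolower($2) == tolower(want)) {
                wrongcase = $2            # same name, different case
            } else {
                split(fqdn, h, ".")
                if (index($2, "nfs/" h[1] "@") == 1)
                    shortname = $2        # key was created for the short host name
            }
        }
        END {
            if (exact)     { print "OK: " want; exit 0 }
            if (wrongcase) { print "MISMATCH (case): " wrongcase; exit 1 }
            if (shortname) { print "MISMATCH (short hostname): " shortname; exit 1 }
            print "MISSING: " want
            exit 1
        }'
}

# Typical use on the NFS server (realm is a placeholder):
#   klist -k /etc/krb5.keytab | check_nfs_principal "$(hostname -f)" EXAMPLE.NET
```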

