I have been trying all sorts of things to get this working. nfsv4 works fine if I just use the nfs-v3 form of export i.e. /nfs4exports 192.168.230.237/24(ro,fsid=0,sync,insecure,no_root_squash,no_subtree_check,squash_uids=0-99) /nfs4exports/NDG 192.168.230.237/24(rw,insecure,no_subtree_check,nohide,sync,no_root_squash,squash_uids=0-99) but this is inherently open to all on this machine. so then using this recipe http://www.techrepublic.com/blog/opensource/kerberos-authentication-with-nfsv4/1965 and many others that hours of google foo shows change exports to /nfs4exports gss/krb5(ro,fsid=0,sync,insecure,no_root_squash,no_subtree_check,squash_uids=0-99) /nfs4exports/NDG gss/krb5(rw,insecure,no_subtree_check,nohide,sync,no_root_squash,squash_uids=0-99) now from the client I can see [rkampen at timsws ~]$ showmount -e example.com Export list for example.com: /nfs4exports gss/krb5 /nfs4exports/NDG gss/krb5 but [rkampen at timsws /]$ sudo mount -t nfs4 -o sec=krb5 ndgonline.net:/ /NDG/ mount.nfs4: access denied by server while mounting ndgonline.net:/ and [rkampen at timsws /]$ sudo mount -t nfs4 -o sec=krb5 ndgonline.net:/NDG /NDG/ mount.nfs4: access denied by server while mounting ndgonline.net:/NDG And I cannot find any log entries relating to the kerberos KDC or on the nfs server - two different machines. I have set up all the principals in the KDC and used kadmin/ktadd to load into the client and the server /etc/krb5.keytab as per the above url. How and where do I get logging to occur so I can find out the missing piece in my kerberos setup? Any help or directions appreciated. TIA -------------- next part -------------- A non-text attachment was scrubbed... Name: rkampen.vcf Type: text/x-vcard Size: 280 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20110719/28d80004/attachment-0004.vcf>