Hello list. I am facing a strange behaviour here with a test NFS3+KRB5 setup. I am currently testing NFS4+KRB5 and everything seems to work ok. #NFS4 export snippet /srv/nfs4 *(sec=krb5,rw,async,fsid=0,insecure,crossmnt,no_subtree_check) /srv/nfs4/media *(sec=krb5,rw,async,insecure,crossmnt,no_subtree_check) Both the server and client linux machine are running nfs-utils 1.1.2. I can mount these exports with. mount -t nfs4 -osec=krb5 servername:/ /mnt Now I tried the same with an NFS3 export. #NFS3 export snippet /var/media 192.168.0.0/24(sec=krb5:krb5i:krb5p:sys,rw,async,insecure,no_subtree_check) If I try to mount this export form my client it works mount -osec=krb5 servername:/var/media /mnt I can see that rpc.gssd on the client is doing its work fetching a ticket etc.... But as you can see i still have sec=...:sys in this export line. If I remove sys from sec I can NO LONGER mount this share from my linux client. Although I see a authenticated line in the server logs several times, the mount does not succeed. Furthermore the rpc.gssd daemon on the client does not do anything in this case (I let it run in foreground to check it). As soon as I add sec=...:sys to the export, mounting via -osec=krb5 works again and I can also see rpc.gssd doing its work. For testing purposes I tried to mount the same export from a mac client (leopard) and this worked with and without the sec=sys. So my question. Do you still need to have sec=sys in your exports even if you just want to mount them via kerberos or is this a bug? The server is running kernel version 2.6.24.2 and the linux client 2.6.25-rc2. I also tried to mount export from the server itself but it failed the same way. Kind regards, Michael -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html