Kerberized NFS4 Exports
While configuring AutoFS with NFS4 exports I encountered several problems that were preventing a successful mount. Both server and client must be correctly configured.
On Fedora hosts the service nfs-secure-server must be enabled to have rpc.svcgssd started.
The exports must be correctly defined. Exports can be stored using multiple files in /etc/exports.d/, but beware, these files must have the extension .exports.
The NFS server should be forced to run on specific ports, which can then be opened by the firewall. On a RedHat based system configure the file /etc/sysconfig/nfs to contain the following lines:
Open the ports 111, 2049, 32765-32767 for both tcp and udp traffic. If these ports are not opened (or only 2049) a manual mount sometimes worked fine, but with AutoFS it constantly failed.
On the client side, the service nfs-secure must be enabled on Fedora hosts.
To mount a kerberos protected export, use the sec=krb5 mount option.