Kerberized nfs4 安装错误：未找到用于连接服务器的凭据

我的客户端/服务器都运行 ubuntu 14.04，kerberos 用户身份验证按预期工作。常规 nfs4 挂载也运行良好。所有机器都在运行 heimdal 库。

我还无法让 Kerberos 化的 nfs4 工作。

当挂载共享时，我收到以下日志：

客户：

# mount -t nfs4 -o sec=krb5 server:/ /mnt/tmp -vvvvvv                                                                        
mount: fstab path: "/etc/fstab"
mount: mtab path:  "/etc/mtab"
mount: lock path:  "/etc/mtab~"
mount: temp path:  "/etc/mtab.tmp"
mount: UID:        0
mount: eUID:       0
mount: spec:  "SERVER:/"
mount: node:  "/mnt/tmp"
mount: types: "nfs4"
mount: opts:  "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "SERVER:/"
mount: external mount: argv[2] = "/mnt/tmp"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Sun Jun 15 01:10:30 2014
mount.nfs4: trying text-based options 'sec=krb5,addr=XXX.XXX.XXX.52,clientaddr=XXX.XXX.XXX.17'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting SERVER:/

rpc.gssd：

Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt4
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt3
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt2
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt0
Jun 15 01:31:15 client rpc.gssd[24146]: handling gssd upcall (/run/rpc_pipefs/nfs/clntf)
Jun 15 01:31:15 client rpc.gssd[24146]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
Jun 15 01:31:15 client rpc.gssd[24146]: handling krb5 upcall (/run/rpc_pipefs/nfs/clntf)
Jun 15 01:31:15 client rpc.gssd[24146]: process_krb5_upcall: service is '<null>'
Jun 15 01:31:15 client rpc.gssd[24146]: Full hostname for 'server.example.com' is 'server.example.com'
Jun 15 01:31:15 client rpc.gssd[24146]: Full hostname for 'client.example.com' is 'CLIENT.example.com'
Jun 15 01:31:15 client rpc.gssd[24146]: No key table entry found for [email protected] while getting keytab entry for 'DEVEL01$@'
Jun 15 01:31:15 client rpc.gssd[24146]: No key table entry found for root/[email protected] while getting keytab entry for 'root/CLIENT.example.com@'
Jun 15 01:31:15 client rpc.gssd[24146]: Success getting keytab entry for 'nfs/client.example.com@'
Jun 15 01:31:15 client rpc.gssd[24146]: WARNING: Cryptosystem internal error while getting initial ticket for principal 'nfs/[email protected]' using keytab 'FILE:/etc/krb5.keytab'
Jun 15 01:31:15 client rpc.gssd[24146]: ERROR: No credentials found for connection to server server.example.com
Jun 15 01:31:15 client rpc.gssd[24146]: doing error downcall
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfs/clnt55
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt4
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt3
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt2
Jun 15 01:31:15 client rpc.gssd[24146]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt0

客户端密钥表：

Vno  Type                     Principal                                    Aliases
  1  aes256-cts-hmac-sha1-96  nfs/[email protected]  
  1  des3-cbc-sha1            nfs/[email protected]
  1  arcfour-hmac-md5         nfs/[email protected]

服务器：

密钥控制器：

Jun 15 01:44:34 server kdc[13705]: AS-REQ nfs/[email protected] from IPv4:XXX.XXX.XXX.17 for krbtgt/[email protected]
Jun 15 01:44:34 server kdc[13705]: Client sent patypes: REQ-ENC-PA-REP
Jun 15 01:44:34 server kdc[13705]: Looking for PK-INIT(ietf) pa-data -- nfs/[email protected]
Jun 15 01:44:34 server kdc[13705]: Looking for PK-INIT(win2k) pa-data -- nfs/[email protected]
Jun 15 01:44:34 server kdc[13705]: Looking for ENC-TS pa-data -- nfs/[email protected]
Jun 15 01:44:34 server kdc[13705]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Jun 15 01:44:34 server kdc[13705]: sending 292 bytes to IPv4:XXX.XXX.XXX.17

有什么迹象表明这里出了什么问题吗？