NFSv4 kerberized: (only) root has no permissions
We have setup a NFSv4/kerberos environment to restrict access to NFS only to authorized clients. Both, NFS as well as kerberos work properly, with the one exception that the root user has no permissions on the server. For all other users, everything works perfectly. Root restriction occurs only when gss/krb5 authentication is used (nfsv4 exporting to * works nicely).
I guess this has got something to do with root not having a proper kerberos ticket, it appears that Linux uses the "nfs" principal from the krb5.keytab file for every transaction initiated by root. Still, I can't figure out what would be a proper ticket or how to change the Linux behavior so that it uses "root" tickets ?