-rpc.gssd running on the client (enable it manually in /etc/default/nfs-common)
-and rpc.svcgssd running on the server (it should be autodetected once you put
-Kerberos mounts in /etc/exports).
+rpc.gssd running on both client and rpc.svcgssd on the server (enable them
+manually in /etc/default/nfs-common and /etc/default/nfs-kernel-server if the
+autodetection fails). On the client, you will need to add "-o sec=krb5" to
+the mount call.
+
+If you use "gss/krb5i" (and correspondingly "-o sec=krb5i" on the client), you
+will also get integrity (ie. authentication), and with "gss/krb5p", you'll also
+get privacy (ie. encryption). Make sure your kernel supports this; not all
+kernels do.