+NFSv4 in Debian
+===============
+
+NFSv4 support in Debian is rather new, and not fully supported yet. If you want
+to experiment, make sure you have:
+
+ - a recent 2.6 kernel on both client and server; newer is better. You might even
+ want to use CITI's patch set from http://www.citi.umich.edu/projects/nfsv4/linux/ .
+ - a recent enough version of nfs-utils on both client and server (you probably
+ have on at least one of them, since you're reading this file!).
+ - a patched mount, which will hopefully enter the archive soon at the time of
+ writing -- otherwise, you'll have to enable the patch in the Debian package
+ yourself and rebuild it. (It is not enabled by default, since the current version
+ of the patch breaks mounting against NFSv2-only servers, such as nfs-user-server.)
+
+The export structure might be a bit confusing if you're already familiar with
+NFSv2 or NFSv3. The biggest difference is that you will need to export an explicit
+root of your pseudofilesystem, like this /etc/exports fragment:
+
+ /nfs4 hostname(rw,sync,fsid=0,crossmnt)
+
+(It doesn't need to be named "nfs4".) Then you can mount other volumes under that,
+like:
+
+ /nfs4/music hostname(rw,sync)
+ /nfs4/movies hostname(rw,sync)
+
+Then your client can mount shares like this:
+
+ mount -t nfs4 server:/music /mnt/music
+
+Since you might not have everything under one root, you might want /nfs4/* on the
+server to be bind mounts, ie.:
+
+ mount --bind /srv/music /nfs4/music
+
+or in /etc/fstab:
+
+ /srv/music /nfs4/music none bind 0 0
+
+If you do not wish to use host-based authentication, you can specify "gss/krb5"
+instead of a hostname to get Kerberos-based authentication instead. For this,
+you will need an "nfs/hostname@REALM" entry in /etc/krb5.keytab, as well as
+rpc.gssd running on the client (enable it manually in /etc/default/nfs-common)
+and rpc.svcgssd running on the server (it should be autodetected once you put
+Kerberos mounts in /etc/exports).
+
+If you use "gss/krb5i", you will also get integrity (ie. authentication), and
+with "gss/krb5p", you'll also get privacy (ie. encryption). Make sure your
+kernel supports this; not all kernels do.
+
+ -- Steinar H. Gunderson <sesse@debian.org>, Wed, 05 Apr 2006 18:09:47 +0200