If you use NFS 4.1 storage with Kerberos, you must add each ESXi host to an Active Directory domain and enable Kerberos authentication. Kerberos integrates with Active Directory to enable single sign-on and provides an additional layer of security when used across an insecure network connection.


Set up an AD domain and a domain administrator account with the rights to add hosts to the domain.


  1. Add an ESXi host to an Active Directory domain.
    1. In the vSphere Web Client, select the ESXi host.
    2. Click the Manage tab and click Settings.
    3. Under System, select Authentication Services.
    4. Click Join Domain, supply the domain settings, and click OK.

    The directory services type changes to Active Directory.

  2. Configure or edit credentials for an NFS Kerberos user.
    1. Under NFS Kerberos Credentials, click Edit.
    2. Enter a user name and password.

      Files stored in all Kerberos datastores will be accessed using these credentials.

    The state for NFS Kerberos credentials changes to Enabled.