If you use NFS 4.1 with Kerberos, you must perform several tasks to set up your hosts for Kerberos authentication.
When multiple ESXi hosts share the same NFS 4.1 datastore, you must use the same Active Directory credentials for all hosts that access the shared datastore. You can automate this by setting the user in host profiles and applying the profile to all ESXi hosts.
Make sure that Microsoft Active Directory (AD) and NFS servers are configured to use Kerberos.
Enable DES-CBC-MD5 encryption mode on AD. The NFS 4.1 client supports only this encryption mode.
Make sure that the NFS server exports are configured to grant full access to the Kerberos user.
What to do next
After you configure your host for Kerberos, you can create an NFS 4.1 datastore with Kerberos enabled.