If you use NFS 4.1 storage with Kerberos, you must add each ESXi host to an Active Directory domain and enable Kerberos authentication. Kerberos integrates with Active Directory to enable single sign-on and provides an extra layer of security when used across an insecure network connection.


Set up an AD domain and a domain administrator account with the rights to add hosts to the domain.


  1. In the vSphere Client, navigate to the ESXi host.
  2. Click the Configure tab.
  3. Under System, click Authentication Services.
  4. Add the ESXi host to an Active Directory domain.
    1. In the Authentication Services pane, click Join Domain.
    2. Supply the domain settings, and click OK.
    The directory services type changes to Active Directory.
  5. Configure or edit credentials for an NFS Kerberos user.
    1. In the NFS Kerberos Credentials pane, click Edit.
    2. Enter a user name and password.
      Files stored in all Kerberos datastores are accessed using these credentials.
    The state for NFS Kerberos credentials changes to Enabled.