My CentOS 7.2 server: * Enrolled IPA client * Automount configured with NFSv4 krb5 mount for user home directories. Everything works. IPA users can login and their home directory would automatically be mounted. Now, I am trying to configure the server's Apache to expose certain users' home directory for web. To do this, I followed https://fedorahosted.org/gss-proxy/wiki/NFS to configure gssproxy (no impersonation). And this works... for awhile. After idling awhile, Apache would report no permission, and gssproxy debug message would show: gssproxy: gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "nfs-client", euid: 0, socket: (null) gssproxy: gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "nfs-client", euid: 0, socket: (null) What I don't understand is why is it using service "nfs-client"? Shouldn't it be using service "apache", which is set above the section for "nfs-client" in gssproxy.conf? I say this because if I restart gssproxy, Apache would work again, and the debug message would show (as expected): gssproxy: Client connected (fd = 12) (pid = 3158) (uid = 48) (gid = 48) (context = system_u:system_r:gssd_t:s0) gssproxy: gp_rpc_execute: executing 6 (GSSX_ACQUIRE_CRED) for service "apache", euid: 48, socket: (null) gssproxy: gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "apache", euid: 48, socket: (null) gssproxy: gp_rpc_execute: executing 8 (GSSX_INIT_SEC_CONTEXT) for service "apache", euid: 48, socket: (null) But after idling awhile, Apache would again stop working and gssproxy debug messages would show it's using "nfs-client" again. So why is it not using service "apache" all the time and instead falls back to "nfs-client"?