Some sources incorrectly indicate that keyutils is only needed with DFS, but keyutils is also needed when using CIFS w/ Kerberos authentication.
When trying to mount a CIFS share using kerberos (sec=krb5), the kernel invokes /sbin/request-key to request a key from userspace. Then cifs.upcall (from cifs-utils) is executed to handle the SPNEGO authentication. If keyutils is not installed, then /sbin/request-key is absent, and the kernel is completely silent about this. [ +0.497021] CIFS VFS: Send error in SessSetup = -2 [ +0.000992] CIFS VFS: cifs_mount failed w/return code = -2 Thus, I strongly agree with the proposal for cifs-utils to *Recommend* keyutils, rather than merely *Suggesting* it.