diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c
index 84da1d9561cd..7430f1f200b3 100644
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -5867,12 +5867,17 @@ nfsrv_throwawayopens(NFSPROC_T *p)
 /*
 * This function checks to see if the credentials are the same.
- * Returns 1 for not same, 0 otherwise.
+ * The check for same credentials is needed for state management operations
+ * for NFSv4.0 where 1 is returned if not same, 0 is returned otherwise.
 */
 static int
 nfsrv_notsamecredname(struct nfsrv_descript *nd, struct nfsclient *clp)
 {
+ /* For NFSv4.1/4.2, SP4_NONE always allows this. */
+ if ((nd->nd_flag & ND_NFSV41) != 0)
+ return (0);
+
 if (nd->nd_flag & ND_GSS) {
 if (!(clp->lc_flags & LCL_GSS))
 return (1);
diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c
index ca691941ed0d..20f62211f53e 100644
--- a/sys/fs/nfsserver/nfs_nfsdsubs.c
+++ b/sys/fs/nfsserver/nfs_nfsdsubs.c
@@ -2121,6 +2121,14 @@ nfsd_checkrootexp(struct nfsrv_descript *nd)
 if (nfs_rootfhset == 0)
 return (NFSERR_AUTHERR | AUTH_FAILED);
+ /*
+ * For NFSv4.1/4.2, if the client specifies SP4_NONE, then these
+ * operations are allowed regardless of the value of the "sec=XXX"
+ * field in the V4: exports line.
+ * As such, these Kerberos checks only apply to NFSv4.0 mounts.
+ */
+ if ((nd->nd_flag & ND_NFSV41) != 0)
+ goto checktls;
 if ((nd->nd_flag & (ND_GSS | ND_EXAUTHSYS)) == ND_EXAUTHSYS)
 goto checktls;
 if ((nd->nd_flag & (ND_GSSINTEGRITY | ND_EXGSSINTEGRITY)) ==
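Review bot: The early return added at the top of nfsrv_notsamecredname() tests only the minor-version flag, `(nd->nd_flag & ND_NFSV41) != 0`, while its comment justifies the bypass by SP4_NONE; nothing in the hunk checks which state protection the client actually negotiated. That is sound only while the server never grants SP4_MACH_CRED or SP4_SSV at ExchangeID, which is presumably the case but is not visible here, so the invariant should be recorded next to the bypass, e.g. `/* NFSv4.1/4.2: assumes only SP4_NONE is ever negotiated; revisit if SP4_MACH_CRED/SP4_SSV support is added. */`. The function's header comment would also be clearer if it said outright that 0 is always returned for NFSv4.1/4.2, since callers now get no principal comparison at all on those versions. The same version-only test guards the `goto checktls` added in nfsd_checkrootexp() in nfs_nfsdsubs.c, whose comment is likewise worded as conditional on SP4_NONE. The body of nfsrv_notsamecredname() continues past the end of this hunk.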