kerberized NFS broken since lucid upgrade

Since upgrade from karmic to lucid, kerberized NFS mounts are no longer working.
NFS server is a NAS (netapp), kdc is an heimdal 1.2 server (mandriva)

krb5.conf :
[libdefaults]
 ticket_lifetime = 86400
 default_realm = MY.REALM
 dns_lookup_realm = true
 dns_lookup_kdc = true
[appdefaults]
 pam = {
  forwardable = true
 }
[realms]
 MY.REALM = {
  kdc = kdc.my.domain
  admin_server = kdc.my.domain
 }
[domain_realm]
 .my.domain = MY.REALM

before lucid I used to have 5 more lines in libdefaults :
default_tgs_enctypes = des-cbc-crc rc4-hmac-md5
default_tkt_enctypes = des-cbc-crc rc4-hmac-md5
default_etypes = des-cbc-crc rc4-hmac-md5
default_etypes_des = des-cbc-crc rc4-hmac-md5
permitted_enctypes = des-cbc-crc rc4-hmac-md5

my mount command is :
mount -t nfs mynas.my.domain:/vol /backup -o sec=krb5
generating output :
mount.nfs: access denied by server while mounting lil-nas1.lille.inria.fr:/vol/lil1_users

the same machine, with the same configuration used to work until I upgraded to lucid

portmap, statd, rpc.gssd and rpc.idmap are running.

Here are relevant log informations :

rpc.gssd[26173]: creating context with server <email address hidden>
rpc.gssd[26173]: rpcsec_gss: gss_init_sec_context: (major) Unspecified GSS failure. Minor code may provide more information - (minor) No supported encryption types (config file error?)
rpc.gssd[26173]: WARNING: Failed to create krb5 context for user with uid 0 for server mynas.my.domain
rpc.gssd[26173]: WARNING: Failed to create krb5 context for user with uid 0 with credentials cache FILE:/tmp/krb5cc_machine_MY.REALM for server mynas.my.domain

perhaps am I missing a new configuration file but I don't see...

release :
Description: Ubuntu 10.04 LTS
Release: 10.04