CentOS - Nov 2017 - Accessing KRB5 NFS from local system accounts

I recently noticed that spamassassin (running as the local "daemon" 
account) will hang some of the time when processing messages, and 
tracked it to the process attempting to access 
~user/.spamassassin/user_prefs.? I believe that should return an access 
failure, but sometimes the process stalls instead.

In any case, I'd like to allow access, but my understanding is that 
processes without a Kerberos ticket cannot access an NFS4 filesystem 
with sec=krb5.? Is that correct?? If so, how would I allow a local 
system account to access globally readable files? Should I create a 
keytab, and set KRB5_KTNAME in the spamassassin environment?

Does anyone working with NFS and krb5 have any tips?