[NFS-Ganesha-Devel] Re-negotiating security flavor between nfs client and server (Ganesha) in nfsv4.1

Scenario: Let's say that there are some nfs clients that negotiate rpcsec_gss security with the nfs v4.1 server (Ganesha). The subsequent nfs-requests from those clients work using rpcsec_gss based authentication. At a later point in time, the server's state changes and it cannot accept rpcsec_gss security. By this I mean that ntirpc is no longer able to authenticate rpcsec_gss requests. The export ACLs may allow or disallow such requests using krb5* security, but since the authentication happens before the export ACLs check is done, the requests will anyways fail for mounted clients. In such a scenario, what is the best way for server to tell the client to re-negotiate the security flavor (say, downgrade to auth-sys) and perform further requests using that?