--- kgssapi/gss_accept_sec_context.c.sav	2012-09-26 08:56:45.000000000 -0400
+++ kgssapi/gss_accept_sec_context.c	2012-09-26 10:01:32.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -58,9 +60,16 @@ OM_uint32 gss_accept_sec_context(OM_uint
 	gss_ctx_id_t ctx = *context_handle;
 	gss_name_t name;
 	gss_cred_id_t cred;
+	CLIENT *cl;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	if (ctx)
 		args.ctx = ctx->handle;
@@ -74,7 +83,8 @@ OM_uint32 gss_accept_sec_context(OM_uint
 	args.input_chan_bindings = input_chan_bindings;
 
 	bzero(&res, sizeof(res));
-	stat = gssd_accept_sec_context_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_accept_sec_context_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_acquire_cred.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_acquire_cred.c	2012-09-26 10:02:16.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 #include <sys/proc.h>
 
 #include <kgssapi/gssapi.h>
@@ -55,9 +57,16 @@ gss_acquire_cred(OM_uint32 *minor_status
 	enum clnt_stat stat;
 	gss_cred_id_t cred;
 	int i;
+	CLIENT *cl;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	args.uid = curthread->td_ucred->cr_uid;
 	if (desired_name)
@@ -69,7 +78,8 @@ gss_acquire_cred(OM_uint32 *minor_status
 	args.cred_usage = cred_usage;
 
 	bzero(&res, sizeof(res));
-	stat = gssd_acquire_cred_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_acquire_cred_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_canonicalize_name.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_canonicalize_name.c	2012-09-26 10:02:39.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -48,15 +50,23 @@ gss_canonicalize_name(OM_uint32 *minor_s
 	struct canonicalize_name_args args;
 	enum clnt_stat stat;
 	gss_name_t name;
+	CLIENT *cl;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	args.input_name = input_name->handle;
 	args.mech_type = mech_type;
 	
 	bzero(&res, sizeof(res));
-	stat = gssd_canonicalize_name_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_canonicalize_name_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_delete_sec_context.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_delete_sec_context.c	2012-09-26 10:03:01.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -46,6 +48,7 @@ gss_delete_sec_context(OM_uint32 *minor_
 	struct delete_sec_context_args args;
 	enum clnt_stat stat;
 	gss_ctx_id_t ctx;
+	CLIENT *cl;
 
 	if (!kgss_gssd_handle)
 		return (GSS_S_FAILURE);
@@ -60,9 +63,18 @@ gss_delete_sec_context(OM_uint32 *minor_
 		 */
 		if (ctx->handle) {
 			args.ctx = ctx->handle;
+			mtx_lock(&kgss_gssd_lock);
+			if (kgss_gssd_handle == NULL) {
+				mtx_unlock(&kgss_gssd_lock);
+				return (GSS_S_FAILURE);
+			}
+			CLNT_ACQUIRE(kgss_gssd_handle);
+			cl = kgss_gssd_handle;
+			mtx_unlock(&kgss_gssd_lock);
 	
 			bzero(&res, sizeof(res));
-			stat = gssd_delete_sec_context_1(&args, &res, kgss_gssd_handle);
+			stat = gssd_delete_sec_context_1(&args, &res, cl);
+			CLNT_RELEASE(cl);
 			if (stat != RPC_SUCCESS) {
 				*minor_status = stat;
 				return (GSS_S_FAILURE);
--- kgssapi/gss_display_status.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_display_status.c	2012-09-26 10:03:25.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -49,9 +51,16 @@ gss_display_status(OM_uint32 *minor_stat
 	struct display_status_res res;
 	struct display_status_args args;
 	enum clnt_stat stat;
+	CLIENT *cl;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	args.status_value = status_value;
 	args.status_type = status_type;
@@ -59,7 +68,8 @@ gss_display_status(OM_uint32 *minor_stat
 	args.message_context = *message_context;
 	
 	bzero(&res, sizeof(res));
-	stat = gssd_display_status_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_display_status_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_export_name.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_export_name.c	2012-09-26 10:06:07.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -45,14 +47,22 @@ gss_export_name(OM_uint32 *minor_status,
 	struct export_name_res res;
 	struct export_name_args args;
 	enum clnt_stat stat;
+	CLIENT *cl;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	args.input_name = input_name->handle;
 
 	bzero(&res, sizeof(res));
-	stat = gssd_export_name_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_export_name_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_impl.c.sav	2012-09-23 20:22:47.000000000 -0400
+++ kgssapi/gss_impl.c	2012-09-26 10:03:44.000000000 -0400
@@ -31,8 +31,10 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/module.h>
+#include <sys/mutex.h>
 #include <sys/priv.h>
 #include <sys/syscall.h>
 #include <sys/sysent.h>
@@ -59,6 +61,7 @@ static bool_t gssd_syscall_registered = 
 
 struct kgss_mech_list kgss_mechs;
 CLIENT *kgss_gssd_handle;
+struct mtx kgss_gssd_lock;
 
 static void
 kgss_init(void *dummy)
@@ -92,14 +95,12 @@ sys_gssd_syscall(struct thread *td, stru
         struct netconfig *nconf;
 	char path[MAXPATHLEN];
 	int error;
+	CLIENT *cl, *oldcl;
         
 	error = priv_check(td, PRIV_NFS_DAEMON);
 	if (error)
 		return (error);
 
-	if (kgss_gssd_handle)
-		CLNT_DESTROY(kgss_gssd_handle);
-
 	error = copyinstr(uap->path, path, sizeof(path), NULL);
 	if (error)
 		return (error);
@@ -109,10 +110,20 @@ sys_gssd_syscall(struct thread *td, stru
         sun.sun_len = SUN_LEN(&sun);
         
         nconf = getnetconfigent("local");
-        kgss_gssd_handle = clnt_reconnect_create(nconf,
+        cl = clnt_reconnect_create(nconf,
 	    (struct sockaddr *) &sun, GSSD, GSSDVERS,
 	    RPC_MAXDATASIZE, RPC_MAXDATASIZE);
 
+	mtx_lock(&kgss_gssd_lock);
+	oldcl = kgss_gssd_handle;
+	kgss_gssd_handle = cl;
+	mtx_unlock(&kgss_gssd_lock);
+
+	if (oldcl != NULL) {
+		CLNT_CLOSE(oldcl);
+		CLNT_RELEASE(oldcl);
+	}
+
 	return (0);
 }
 
@@ -280,6 +291,7 @@ kgssapi_modevent(module_t mod, int type,
 		    rpc_gss_get_principal_name;
 		rpc_gss_entries.rpc_gss_svc_max_data_length =
 		    rpc_gss_svc_max_data_length;
+		mtx_init(&kgss_gssd_lock, "kgss_gssd_lock", NULL, MTX_DEF);
 		break;
 	case MOD_UNLOAD:
 		/*
--- kgssapi/gss_import_name.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_import_name.c	2012-09-26 10:04:02.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -48,18 +50,26 @@ gss_import_name(OM_uint32 *minor_status,
 	struct import_name_args args;
 	enum clnt_stat stat;
 	gss_name_t name;
+	CLIENT *cl;
 
 	*minor_status = 0;
 	*output_name = GSS_C_NO_NAME;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	args.input_name_buffer = *input_name_buffer;
 	args.input_name_type = input_name_type;
 	
 	bzero(&res, sizeof(res));
-	stat = gssd_import_name_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_import_name_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_init_sec_context.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_init_sec_context.c	2012-09-26 10:04:24.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 #include <sys/proc.h>
 
 #include <kgssapi/gssapi.h>
@@ -60,11 +62,18 @@ gss_init_sec_context(OM_uint32 * minor_s
 	struct init_sec_context_args args;
 	enum clnt_stat stat;
 	gss_ctx_id_t ctx = *context_handle;
+	CLIENT *cl;
 
 	*minor_status = 0;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	args.uid = curthread->td_ucred->cr_uid;
 	if  (initiator_cred_handle)
@@ -88,7 +97,8 @@ gss_init_sec_context(OM_uint32 * minor_s
 	}
 
 	bzero(&res, sizeof(res));
-	stat = gssd_init_sec_context_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_init_sec_context_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_pname_to_uid.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_pname_to_uid.c	2012-09-26 10:04:41.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -45,20 +47,28 @@ gss_pname_to_uid(OM_uint32 *minor_status
 	struct pname_to_uid_res res;
 	struct pname_to_uid_args args;
 	enum clnt_stat stat;
+	CLIENT *cl;
 
 	*minor_status = 0;
 
-	if (!kgss_gssd_handle)
-		return (GSS_S_FAILURE);
-
 	if (pname == GSS_C_NO_NAME)
 		return (GSS_S_BAD_NAME);
 
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
+		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
+
 	args.pname = pname->handle;
 	args.mech = mech;
 
 	bzero(&res, sizeof(res));
-	stat = gssd_pname_to_uid_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_pname_to_uid_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
@@ -83,20 +93,28 @@ gss_pname_to_unix_cred(OM_uint32 *minor_
 	struct pname_to_uid_args args;
 	enum clnt_stat stat;
 	int i, n;
+	CLIENT *cl;
 
 	*minor_status = 0;
 
-	if (!kgss_gssd_handle)
-		return (GSS_S_FAILURE);
-
 	if (pname == GSS_C_NO_NAME)
 		return (GSS_S_BAD_NAME);
 
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
+		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
+
 	args.pname = pname->handle;
 	args.mech = mech;
 
 	bzero(&res, sizeof(res));
-	stat = gssd_pname_to_uid_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_pname_to_uid_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
 		return (GSS_S_FAILURE);
--- kgssapi/gss_release_cred.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_release_cred.c	2012-09-26 10:04:59.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -44,13 +46,24 @@ gss_release_cred(OM_uint32 *minor_status
 	struct release_cred_res res;
 	struct release_cred_args args;
 	enum clnt_stat stat;
+	CLIENT *cl;
 
 	if (!kgss_gssd_handle)
 		return (GSS_S_FAILURE);
 
 	if (*cred_handle) {
 		args.cred = (*cred_handle)->handle;
-		stat = gssd_release_cred_1(&args, &res, kgss_gssd_handle);
+
+		mtx_lock(&kgss_gssd_lock);
+		if (kgss_gssd_handle == NULL) {
+			mtx_unlock(&kgss_gssd_lock);
+			return (GSS_S_FAILURE);
+		}
+		CLNT_ACQUIRE(kgss_gssd_handle);
+		cl = kgss_gssd_handle;
+		mtx_unlock(&kgss_gssd_lock);
+		stat = gssd_release_cred_1(&args, &res, cl);
+		CLNT_RELEASE(cl);
 		if (stat != RPC_SUCCESS) {
 			*minor_status = stat;
 			return (GSS_S_FAILURE);
--- kgssapi/gss_release_name.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_release_name.c	2012-09-26 10:05:14.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -45,6 +47,7 @@ gss_release_name(OM_uint32 *minor_status
 	struct release_name_args args;
 	enum clnt_stat stat;
 	gss_name_t name;
+	CLIENT *cl;
 
 	if (!kgss_gssd_handle)
 		return (GSS_S_FAILURE);
@@ -53,7 +56,16 @@ gss_release_name(OM_uint32 *minor_status
 		name = *input_name;
 		args.input_name = name->handle;
 	
-		stat = gssd_release_name_1(&args, &res, kgss_gssd_handle);
+		mtx_lock(&kgss_gssd_lock);
+		if (kgss_gssd_handle == NULL) {
+			mtx_unlock(&kgss_gssd_lock);
+			return (GSS_S_FAILURE);
+		}
+		CLNT_ACQUIRE(kgss_gssd_handle);
+		cl = kgss_gssd_handle;
+		mtx_unlock(&kgss_gssd_lock);
+		stat = gssd_release_name_1(&args, &res, cl);
+		CLNT_RELEASE(cl);
 		if (stat != RPC_SUCCESS) {
 			*minor_status = stat;
 			return (GSS_S_FAILURE);
--- kgssapi/gss_set_cred_option.c.sav	2012-09-26 09:01:18.000000000 -0400
+++ kgssapi/gss_set_cred_option.c	2012-09-26 10:05:36.000000000 -0400
@@ -31,7 +31,9 @@ __FBSDID("$FreeBSD: head/sys/kgssapi/gss
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/kobj.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 
 #include <kgssapi/gssapi.h>
 #include <kgssapi/gssapi_impl.h>
@@ -47,11 +49,18 @@ gss_set_cred_option(OM_uint32 *minor_sta
 	struct set_cred_option_res res;
 	struct set_cred_option_args args;
 	enum clnt_stat stat;
+	CLIENT *cl;
 
 	*minor_status = 0;
 
-	if (!kgss_gssd_handle)
+	mtx_lock(&kgss_gssd_lock);
+	if (kgss_gssd_handle == NULL) {
+		mtx_unlock(&kgss_gssd_lock);
 		return (GSS_S_FAILURE);
+	}
+	CLNT_ACQUIRE(kgss_gssd_handle);
+	cl = kgss_gssd_handle;
+	mtx_unlock(&kgss_gssd_lock);
 
 	if (cred)
 		args.cred = (*cred)->handle;
@@ -61,7 +70,8 @@ gss_set_cred_option(OM_uint32 *minor_sta
 	args.option_value = *option_value;
 
 	bzero(&res, sizeof(res));
-	stat = gssd_set_cred_option_1(&args, &res, kgss_gssd_handle);
+	stat = gssd_set_cred_option_1(&args, &res, cl);
+	CLNT_RELEASE(cl);
 
 	if (stat != RPC_SUCCESS) {
 		*minor_status = stat;
--- kgssapi/gssapi_impl.h.sav	2012-09-26 09:46:51.000000000 -0400
+++ kgssapi/gssapi_impl.h	2012-09-26 09:47:25.000000000 -0400
@@ -53,6 +53,7 @@ struct kgss_mech {
 LIST_HEAD(kgss_mech_list, kgss_mech);
 
 extern CLIENT *kgss_gssd_handle;
+extern struct mtx kgss_gssd_lock;
 extern struct kgss_mech_list kgss_mechs;
 
 int kgss_oid_equal(const gss_OID oid1, const gss_OID oid2);