--- nfs-utils-1.0.7/utils/gssd/gssd.c.orig	2005-08-09 13:22:03.396443000 -0700
+++ nfs-utils-1.0.7/utils/gssd/gssd.c	2005-08-09 13:35:19.999384000 -0700
@@ -55,6 +55,7 @@
 
 char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR;
 char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
+char ccachedir[PATH_MAX] = "";
 
 void
 sig_die(int signal)
@@ -68,7 +69,7 @@
 static void
 usage(char *progname)
 {
-	fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab]\n",
+	fprintf(stderr, "usage: %s [ -c ccache dir] [-f] [-v] [-r] [-p pipefsdir] [-k keytab]\n",
 		progname);
 	exit(1);
 }
@@ -83,8 +84,15 @@
 	extern char *optarg;
 	char *progname;
 
-	while ((opt = getopt(argc, argv, "fvrmp:k:")) != -1) {
+	while ((opt = getopt(argc, argv, "c:fvrmp:k:")) != -1) {
 		switch (opt) {
+
+                       case 'c':
+                               /* extra flag to override ccache dir variable */
+                               strncpy(ccachedir, optarg, sizeof(ccachedir));
+                               if (ccachedir[sizeof(ccachedir)-1] != '\0')
+                                        errx(1, "ccache dir name too long");
+                               break;
 			case 'f':
 				fg = 1;
 				break;
--- nfs-utils-1.0.7/utils/gssd/gssd.h.orig	2005-08-09 13:22:03.374442000 -0700
+++ nfs-utils-1.0.7/utils/gssd/gssd.h	2005-08-09 13:35:20.017387000 -0700
@@ -63,6 +63,7 @@
 
 extern char			pipefsdir[PATH_MAX];
 extern char			keytabfile[PATH_MAX];
+extern char			ccachedir[PATH_MAX];
 
 TAILQ_HEAD(clnt_list_head, clnt_info) clnt_list;
 
--- nfs-utils-1.0.7/utils/gssd/gssd.man.orig	2005-08-09 13:22:03.385451000 -0700
+++ nfs-utils-1.0.7/utils/gssd/gssd.man	2005-08-09 13:35:20.035383000 -0700
@@ -6,7 +6,7 @@
 .SH NAME
 rpc.gssd \- rpcsec_gss daemon
 .SH SYNOPSIS
-.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r]"
+.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r] [-c ccache dir]"
 .SH DESCRIPTION
 The rpcsec_gss protocol gives a means of using the gss-api generic security
 api to provide security for protocols using rpc (in particular, nfs).  Before
@@ -48,6 +48,14 @@
 where to look for the rpc_pipefs filesystem.  The default value is
 "/var/lib/nfs/rpc_pipefs".
 .TP
+.B -c ccache dir
+Provides an alternate directory to look for credential caches.
+The primary location (/tmp) is always checked first.
+.TP
+.B -c ccache dir
+Provides an alternate directory to look for credential caches.
+The primary location (/tmp) is always checked first.
+.TP
 .B -v
 Increases the verbosity of the output (can be specified multiple times).
 .TP

--- /home/duff/www/p/nfs-utils-1.0.7/utils/gssd/gssd_proc.c.orig	2005-08-09 13:22:03.615444000 -0700
+++ nfs-utils-1.0.7/utils/gssd/gssd_proc.c	2005-09-12 01:03:55.000000000 -0700
@@ -581,10 +581,16 @@
 		gssd_setup_krb5_user_gss_ccache(uid, clp->servername);
 
 		if (create_auth_rpc_client(clp, &auth, uid, AUTHTYPE_KRB5)) {
-			printerr(0, "WARNING: Failed to create krb5 context "
-				    "for user with uid %d for server %s\n",
-				 uid, clp->servername);
-			goto out_return_error;
+
+			/* retry with alt location */
+		  	gssd_setup_krb5_user_gss_alt_ccache(uid, clp->servername);
+			if (create_auth_rpc_client(clp, &auth, uid, AUTHTYPE_KRB5)) {
+				printerr(2, "WARNING: Failed to create alt krb5"
+				    	" context for user with uid %d"
+					" for server %s\n",
+					uid, clp->servername);
+				goto out_return_error;
+			}
 		}
 	}
 
--- krb5_util.h.orig	2005-09-12 01:02:40.000000000 -0700
+++ nfs-utils-1.0.7/utils/gssd/krb5_util.h	2005-09-12 01:02:51.000000000 -0700
@@ -17,6 +17,7 @@
 
 
 void gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername);
+void gssd_setup_krb5_user_gss_alt_ccache(uid_t uid, char *servername);
 int  gssd_get_krb5_machine_cred_list(char ***list);
 int  gssd_refresh_krb5_machine_creds(void);
 void gssd_free_krb5_machine_cred_list(char **list);
--- krb5_util.c.orig	2005-09-12 00:56:26.000000000 -0700
+++ nfs-utils-1.0.7/utils/gssd/krb5_util.c	2005-09-12 01:02:14.000000000 -0700
@@ -631,6 +631,26 @@
 }
 
 /*
+ * Attempt to look in the alternate specified dir for a user/cron instance.
+ */
+void
+gssd_setup_krb5_user_gss_alt_ccache(uid_t uid, char *servername)
+{
+	char			buf[MAX_NETOBJ_SZ];
+	struct dirent		*d;
+
+	printerr(2, "getting credentials for client with uid %u for "
+		    "server %s\n", uid, servername);
+	memset(buf, 0, sizeof(buf));
+	snprintf(buf, sizeof(buf), "FILE:%s/%s%u",
+		ccachedir,
+		GSSD_DEFAULT_CRED_PREFIX, uid);
+	printerr(2, "using %s as credentials cache for client with "
+		    "uid %u for server %s\n", buf, uid, servername);
+	gssd_set_krb5_ccache_name(buf);
+}
+
+/*
  * Let the gss code know where to find the machine credentials ccache.
  *
  * Returns: