--- nfs-utils-1.0.7/utils/gssd/gssd.h.orig	2005-08-09 09:21:31.372991000 -0700
+++ nfs-utils-1.0.7/utils/gssd/gssd.h	2005-08-09 09:21:47.246543000 -0700
@@ -45,11 +45,14 @@
 #define DNOTIFY_SIGNAL		(SIGRTMIN + 3)
 
 #define GSSD_DEFAULT_CRED_DIR			"/tmp"
+#define GSSD_DEFAULT_ROOT_CRED_DIR		"/var/state/gssd"
 #define GSSD_DEFAULT_CRED_PREFIX		"krb5cc_"
 #define GSSD_DEFAULT_MACHINE_CRED_SUFFIX	"machine"
-#define GSSD_DEFAULT_KEYTAB_FILE		"/etc/krb5.keytab"
+#define GSSD_DEFAULT_KEYTAB_FILE		"/etc/nfsnobody.keytab"
 #define GSSD_SERVICE_NAME			"nfs"
 #define GSSD_SERVICE_NAME_LEN			3
+#define GSSD_MACHINECRED_NAME			"nfsnobody"
+#define GSSD_MACHINECRED_NAME_LEN		9
 
 /*
  * The gss mechanisms that we can handle
--- nfs-utils-1.0.7/utils/gssd/krb5_util.c.orig	2005-08-09 09:28:34.797147000 -0700
+++ nfs-utils-1.0.7/utils/gssd/krb5_util.c	2005-08-09 09:31:09.441807000 -0700
@@ -367,7 +367,7 @@
 	 */
 
 	snprintf(cc_name, sizeof(cc_name), "FILE:%s/%s%s_%s",
-		GSSD_DEFAULT_CRED_DIR, GSSD_DEFAULT_CRED_PREFIX,
+		GSSD_DEFAULT_ROOT_CRED_DIR, GSSD_DEFAULT_CRED_PREFIX,
 		GSSD_DEFAULT_MACHINE_CRED_SUFFIX, ple->realm);
 	ple->endtime = my_creds.times.endtime;
 	ple->ccname = strdup(cc_name);
@@ -476,13 +476,13 @@
 		printerr(2, "Processing keytab entry for principal '%s'\n",
 			 pname);
 #ifdef HAVE_KRB5
-		if ( (kte.principal->data[0].length == GSSD_SERVICE_NAME_LEN) &&
-		     (strncmp(kte.principal->data[0].data, GSSD_SERVICE_NAME,
-			      GSSD_SERVICE_NAME_LEN) == 0) &&
+		if ( (kte.principal->data[0].length == GSSD_MACHINECRED_NAME_LEN) &&
+		     (strncmp(kte.principal->data[0].data, GSSD_MACHINECRED_NAME,
+			      GSSD_MACHINECRED_NAME_LEN) == 0) &&
 #else
-		if ( (strlen(kte.principal->name.name_string.val[0]) == GSSD_SERVICE_NAME_LEN) &&
-		     (strncmp(kte.principal->name.name_string.val[0], GSSD_SERVICE_NAME,
-			      GSSD_SERVICE_NAME_LEN) == 0) &&
+		if ( (strlen(kte.principal->name.name_string.val[0]) == GSSD_MACHINECRED_NAME_LEN) &&
+		     (strncmp(kte.principal->name.name_string.val[0], GSSD_MACHINECRED_NAME,
+			      GSSD_MACHINECRED_NAME_LEN) == 0) &&
 			      
 #endif
 		     (!gssd_have_realm_ple((void *)&kte.principal->realm)) ) {
@@ -695,7 +695,7 @@
 			printerr(0, "Do you have a valid keytab entry for "
 				    "%s/<your.host>@<YOUR.REALM> in "
 				    "keytab file %s ?\n",
-				    GSSD_SERVICE_NAME, keytabfile);
+				    GSSD_MACHINECRED_NAME, keytabfile);
 			printerr(0, "Continuing without (machine) credentials "
 				    "- nfs4 mounts with Kerberos will fail\n");
 		}
--- nfs-utils-1.0.7/utils/gssd/gssd.man.orig	2005-08-09 09:19:44.130991000 -0700
+++ nfs-utils-1.0.7/utils/gssd/gssd.man	2005-08-09 09:20:16.367093000 -0700
@@ -38,8 +38,8 @@
 .\".B rpc.gssd
 .\"looks for a cached ticket for user $UID in /tmp/krb5cc_$UID.
 .\"With the -m option, the user with uid 0 will be treated specially, and will
-.\"be mapped instead to the credentials for the principal nfs/hostname found in
-.\"the keytab file.
+.\"be mapped instead to the credentials for the principal nfsnobody found in
+.\"the /etc/nfsnobody.keytab file.
 .\"(This option is now the default and is ignored if specified.)
 .TP
 .B -p path