--- heimdal-1.5.orig/lib/gssapi/krb5/init_sec_context.c	2011-07-30 16:43:29.000000000 -0400
+++ heimdal-1.5/lib/gssapi/krb5/init_sec_context.c	2011-09-13 13:23:53.000000000 -0400
@@ -425,15 +425,11 @@
     /*
      * This is hideous glue for (NFS) clients that wants to limit the
      * available enctypes to what it can support (encryption in
-     * kernel). If there is no enctypes selected for this credential,
-     * reset it to the default set of enctypes.
+     * kernel).
      */
     {
-	krb5_enctype *enctypes = NULL;
-
 	if (cred && cred->enctypes)
-	    enctypes = cred->enctypes;
-	krb5_set_default_in_tkt_etypes(context, enctypes);
+	    krb5_set_default_in_tkt_etypes(context, cred->enctypes);
     }
 
     /* canon name if needed for client + target realm */