diff -Nru nfs-utils-1.2.5/debian/changelog nfs-utils-1.2.5/debian/changelog
--- nfs-utils-1.2.5/debian/changelog	2012-04-09 01:44:41.000000000 -0400
+++ nfs-utils-1.2.5/debian/changelog	2012-09-06 13:06:56.000000000 -0400
@@ -1,3 +1,11 @@
+nfs-utils (1:1.2.5-3ubuntu3.1) precise-proposed; urgency=low
+
+  [ Matthew L. Dailey ]
+  * Add "-e" (ticket expiry is error) option to rpc.gssd to prevent hangs due
+    to EKEYEXPIRED error from kernel on ticket expiry. LP: #794112 
+
+ -- Adam Stokes <adam.stokes@canonical.com>  Thu, 06 Sep 2012 13:06:19 -0400
+
 nfs-utils (1:1.2.5-3ubuntu3) precise; urgency=low
 
   * In some cases, /var/lib/nfs/rpc_pipefs is successfully unmounted on
diff -Nru nfs-utils-1.2.5/debian/patches/19-ticket-expired-error.patch nfs-utils-1.2.5/debian/patches/19-ticket-expired-error.patch
--- nfs-utils-1.2.5/debian/patches/19-ticket-expired-error.patch	1969-12-31 19:00:00.000000000 -0500
+++ nfs-utils-1.2.5/debian/patches/19-ticket-expired-error.patch	2012-09-06 13:06:14.000000000 -0400
@@ -0,0 +1,84 @@
+From: Matthew L. Dailey <matthew.l.dailey@dartmouth.edu>
+Description: Add "-e" (ticket expiry is error) option to rpc.gssd
+ In kernels starting around 2.6.34 the nfs4 server will block all I/O
+ when a user ticket expires.  In earlier kernels the I/O would fail
+ with an EACCESS error.  This patch adds a "-e" option to rpc.gssd
+ which allow the earlier behaviour (EKEYEXPIRED is converted to
+ EACCESS).  This behaviour is particularly useful when user home
+ directories are nfs4 mounted with krb5 security - if the user is
+ absent from their workstation for long enough for the ticket to
+ expire a new ticket will be obtained (via pam_krb5) by the screen
+ unlock process.
+Author: John Hughes <john@calva.com>
+Bug-Debian: http://bugs.debian.org/648155
+Bug-Ubuntu: https://launchpad.net/bugs/794112
+Origin: upstream, http://bugs.debian.org/648155
+
+--- nfs-utils-1.2.5.orig/utils/gssd/gssd.man
++++ nfs-utils-1.2.5/utils/gssd/gssd.man
+@@ -106,6 +106,12 @@ new kernel contexts to be negotiated aft
+ seconds, which allows changing Kerberos tickets and identities frequently.
+ The default is no explicit timeout, which means the kernel context will live
+ the lifetime of the Kerberos service ticket used in its creation.
++.TP
++.B -e
++Return EACCESS instead of EKEYEXPIRED when a user's credentials expire.
++Returning EKEYEXPIRED was introduced around kernel 2.6.34 and causes all nfs4
++I/O to block when a user's credentials expire. This option reverts to old
++bevavior.
+ .SH SEE ALSO
+ .BR rpc.svcgssd(8)
+ .SH AUTHORS
+--- nfs-utils-1.2.5.orig/utils/gssd/gssd.c
++++ nfs-utils-1.2.5/utils/gssd/gssd.c
+@@ -63,6 +63,7 @@ int  use_memcache = 0;
+ int  root_uses_machine_creds = 1;
+ unsigned int  context_timeout = 0;
+ char *preferred_realm = NULL;
++int ticket_expiry_is_error = 0;
+ 
+ void
+ sig_die(int signal)
+@@ -85,7 +86,7 @@ sig_hup(int signal)
+ static void
+ usage(char *progname)
+ {
+-	fprintf(stderr, "usage: %s [-f] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm]\n",
++	fprintf(stderr, "usage: %s [-e] [-f] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm]\n",
+ 		progname);
+ 	exit(1);
+ }
+@@ -102,8 +103,11 @@ main(int argc, char *argv[])
+ 	char *progname;
+ 
+ 	memset(ccachesearch, 0, sizeof(ccachesearch));
+-	while ((opt = getopt(argc, argv, "fvrmnMp:k:d:t:R:")) != -1) {
++	while ((opt = getopt(argc, argv, "efvrmnMp:k:d:t:R:")) != -1) {
+ 		switch (opt) {
++			case 'e':
++				ticket_expiry_is_error = 1;
++				break;
+ 			case 'f':
+ 				fg = 1;
+ 				break;
+--- nfs-utils-1.2.5.orig/utils/gssd/gssd.h
++++ nfs-utils-1.2.5/utils/gssd/gssd.h
+@@ -66,6 +66,7 @@ extern int			use_memcache;
+ extern int			root_uses_machine_creds;
+ extern unsigned int 		context_timeout;
+ extern char			*preferred_realm;
++extern int			ticket_expiry_is_error;
+ 
+ TAILQ_HEAD(clnt_list_head, clnt_info) clnt_list;
+ 
+--- nfs-utils-1.2.5.orig/utils/gssd/gssd_proc.c
++++ nfs-utils-1.2.5/utils/gssd/gssd_proc.c
+@@ -1007,7 +1007,7 @@ process_krb5_upcall(struct clnt_info *cl
+ 		/* Tell krb5 gss which credentials cache to use */
+ 		for (dirname = ccachesearch; *dirname != NULL; dirname++) {
+ 			err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
+-			if (err == -EKEYEXPIRED)
++			if (err == -EKEYEXPIRED && !ticket_expiry_is_error)
+ 				downcall_err = -EKEYEXPIRED;
+ 			else if (!err)
+ 				create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
diff -Nru nfs-utils-1.2.5/debian/patches/series nfs-utils-1.2.5/debian/patches/series
--- nfs-utils-1.2.5/debian/patches/series	2012-03-27 13:40:11.000000000 -0400
+++ nfs-utils-1.2.5/debian/patches/series	2012-09-06 13:06:14.000000000 -0400
@@ -5,3 +5,4 @@
 16-mount.nfs.man-update-distinction-between-fstype.patch
 17-multiarch-kerberos-paths.patch
 18-dont-use-PAGE_SIZE.patch
+19-ticket-expired-error.patch