diff --git a/lib/gssapi/gssapi.h b/lib/gssapi/gssapi.h
index 3bc000e2a..b573d205c 100644
--- a/lib/gssapi/gssapi.h
+++ b/lib/gssapi/gssapi.h
@@ -116,6 +116,14 @@ typedef OM_uint32 gss_qop_t;
 #define GSS_C_PROT_READY_FLAG 128
 #define GSS_C_TRANS_FLAG 256
 
+/*
+ * GSS_C_EXPECTING_MECH_LIST_MIC_FLAG - Setting this flag causes the
+ * initiator to insist that the acceptor integrity protect the mechanism
+ * list when using SPNEGO. This can be forced on by setting the 
+ * [gssapi]require_mechlist_mic option in krb5.conf.
+ */
+#define GSS_C_EXPECTING_MECH_LIST_MIC_FLAG 0x10000
+
 /*
  * Credential usage options
  */
diff --git a/lib/gssapi/krb5/gssapi.h b/lib/gssapi/krb5/gssapi.h
index 3bc000e2a..b573d205c 100644
--- a/lib/gssapi/krb5/gssapi.h
+++ b/lib/gssapi/krb5/gssapi.h
@@ -116,6 +116,14 @@ typedef OM_uint32 gss_qop_t;
 #define GSS_C_PROT_READY_FLAG 128
 #define GSS_C_TRANS_FLAG 256
 
+/*
+ * GSS_C_EXPECTING_MECH_LIST_MIC_FLAG - Setting this flag causes the
+ * initiator to insist that the acceptor integrity protect the mechanism
+ * list when using SPNEGO. This can be forced on by setting the 
+ * [gssapi]require_mechlist_mic option in krb5.conf.
+ */
+#define GSS_C_EXPECTING_MECH_LIST_MIC_FLAG 0x10000
+
 /*
  * Credential usage options
  */