diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
index d1efed77b..e7cf4f6ce 100644
--- a/lib/gssapi/krb5/unwrap.c
+++ b/lib/gssapi/krb5/unwrap.c
@@ -290,15 +290,21 @@ unwrap_des3
 p -= 28;
 ret = krb5_crypto_init(gssapi_krb5_context, key,
- ETYPE_DES3_CBC_NONE, &crypto);
+ ETYPE_DES3_CBC_NONE_IVEC, &crypto);
 if (ret) {
 *minor_status = ret;
 return GSS_S_FAILURE;
 }
- ret = krb5_decrypt (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SEQ,
- p, 8, &seq_data);
+ {
+ des_cblock ivec;
+
+ memcpy(&ivec, p + 8, 8);
+ ret = krb5_decrypt_ivec (gssapi_krb5_context,
+ crypto,
+ KRB5_KU_USAGE_SEQ,
+ p, 8, &seq_data,
+ &ivec);
+ }
 krb5_crypto_destroy (gssapi_krb5_context, crypto);
 if (ret) {
 *minor_status = ret;
diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c
index d1efed77b..e7cf4f6ce 100644
--- a/lib/gssapi/unwrap.c
+++ b/lib/gssapi/unwrap.c
@@ -290,15 +290,21 @@ unwrap_des3
 p -= 28;
 ret = krb5_crypto_init(gssapi_krb5_context, key,
- ETYPE_DES3_CBC_NONE, &crypto);
+ ETYPE_DES3_CBC_NONE_IVEC, &crypto);
 if (ret) {
 *minor_status = ret;
 return GSS_S_FAILURE;
 }
- ret = krb5_decrypt (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SEQ,
- p, 8, &seq_data);
+ {
+ des_cblock ivec;
+
+ memcpy(&ivec, p + 8, 8);
+ ret = krb5_decrypt_ivec (gssapi_krb5_context,
+ crypto,
+ KRB5_KU_USAGE_SEQ,
+ p, 8, &seq_data,
+ &ivec);
+ }
 krb5_crypto_destroy (gssapi_krb5_context, crypto);
 if (ret) {
 *minor_status = ret;
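Review bot: The `memcpy(&ivec, p + 8, 8);` in the new block takes the IV straight from the received token with two bare 8s and no comment saying what sits at `p + 8`; a reader has to work out that it is the 8 bytes immediately following the encrypted sequence number (presumably the start of the checksum field). I would write `memcpy(&ivec, p + 8, sizeof(ivec));` and add `/* IV for the sequence number is the 8 bytes that follow it in the token */`. Because that IV is peer-controlled and ETYPE_DES3_CBC_NONE_IVEC appears to carry no integrity check of its own, the decrypted `seq_data` should be length-checked and the token checksum verified before the sequence number is trusted; neither is visible here, since unwrap_des3 begins and ends outside the hunk. The identical hunk in lib/gssapi/unwrap.c has the same points.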