diff --git a/kuser/kinit.c b/kuser/kinit.c
index 9a8232c3a..bfac891a4 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -248,7 +248,7 @@ usage (int ret)
     arg_printusage (args,
 		    sizeof(args)/sizeof(*args),
 		    NULL,
-		    "[principal]");
+		    "[principal [command]]");
     exit (ret);
 }
 
@@ -379,9 +379,6 @@ main (int argc, char **argv)
     argc -= optind;
     argv += optind;
 
-    if (argc > 1)
-	usage (1);
-
     if (argv[0]) {
 	ret = krb5_parse_name (context, argv[0], &principal);
 	if (ret)
@@ -397,8 +394,26 @@ main (int argc, char **argv)
 
     if(cred_cache) 
 	ret = krb5_cc_resolve(context, cred_cache, &ccache);
-    else
-	ret = krb5_cc_default (context, &ccache);
+    else {
+	if(argc > 1) {
+	    char s[1024];
+	    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache);
+	    if(ret)
+		krb5_err(context, 1, ret, "creating cred cache");
+	    snprintf(s, sizeof(s), "%s:%s",
+		     krb5_cc_get_type(context, ccache),
+		     krb5_cc_get_name(context, ccache));
+	    setenv("KRB5CCNAME", s, 1);
+#ifdef KRB4
+	    snprintf(s, sizeof(s), "%s_XXXXXX", TKT_ROOT);
+	    close(mkstemp(s));
+	    setenv("KRBTKFILE", s, 1);
+	    if (k_hasafs ())
+		k_setpag();
+#endif
+	} else
+	    ret = krb5_cc_default (context, &ccache);
+    }
     if (ret)
 	krb5_err (context, 1, ret, "resolving credentials cache");
 
@@ -573,9 +588,18 @@ main (int argc, char **argv)
     }
     if(do_afslog && k_hasafs())
 	krb5_afslog(context, ccache, NULL, NULL);
-#endif
     krb5_free_creds_contents (context, &cred);
-    krb5_cc_close (context, ccache);
+#endif
+    if(argc > 1) {
+	simple_execvp(argv[1], argv+1);
+	krb5_cc_destroy(context, ccache);
+#ifdef KRB4
+	dest_tkt();
+	if(k_hasafs())
+	    k_unlog();
+#endif
+    } else 
+	krb5_cc_close (context, ccache);
     krb5_free_context (context);
     return 0;
 }