diff --git a/lib/gssapi/spnego/negoex_ctx.c b/lib/gssapi/spnego/negoex_ctx.c
index dd4a88078..73ace4d80 100644
--- a/lib/gssapi/spnego/negoex_ctx.c
+++ b/lib/gssapi/spnego/negoex_ctx.c
@@ -783,6 +783,8 @@ _gss_negoex_init(OM_uint32 *minor,
     size_t nmessages = 0;
     int send_alert = FALSE, mech_error = FALSE;
 
+    _mg_buffer_zero(output_token);
+
     if (ctx->negoex_step == 0 && input_token != GSS_C_NO_BUFFER &&
 	input_token->length != 0)
 	return GSS_S_DEFECTIVE_TOKEN;
@@ -901,6 +903,10 @@ _gss_negoex_accept(OM_uint32 *minor,
     size_t nmessages;
     int send_alert = FALSE, mech_error = FALSE;
 
+    _mg_buffer_zero(output_token);
+    if (deleg_cred)
+	*deleg_cred = GSS_C_NO_CREDENTIAL;
+
     if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
 	major = GSS_S_DEFECTIVE_TOKEN;
 	goto cleanup;
diff --git a/lib/gssapi/spnego/spnego_locl.h b/lib/gssapi/spnego/spnego_locl.h
index 9b0e3310f..6c0ddc956 100644
--- a/lib/gssapi/spnego/spnego_locl.h
+++ b/lib/gssapi/spnego/spnego_locl.h
@@ -68,6 +68,7 @@
 #include <asn1_err.h>
 
 #include <gssapi_mech.h>
+#include <mech_locl.h>
 
 #include "spnego_asn1.h"
 #include "negoex_locl.h"