diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
index 9ada5949c..24277d58a 100644
--- a/tests/gss/check-context.in
+++ b/tests/gss/check-context.in
@@ -50,6 +50,7 @@ nokeytab="FILE:no-such-keytab"
 cache="FILE:krb5ccfile"
 
 kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+klist="${TESTS_ENVIRONMENT} ../../kuser/heimtools klist -c $cache"
 klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
 kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
 kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
@@ -123,6 +124,24 @@ trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
 
 testfailed="echo test failed; cat messages.log; exit 1"
 
+echo "Test gss_acquire_cred_with_password" ; > messages.log
+${context} --client-name=user1@${R} --client-password=u1 --mech-type=krb5 \
+        host@lucid.test.h5l.se || { eval "$testfailed"; }
+# These must fail (because wrong password)
+${context} --client-name=user1@${R} --client-password=u2 --mech-type=krb5 \
+        host@lucid.test.h5l.se && { eval "$testfailed"; }
+${context} --client-name=user1@${R} --client-password=u2 --mech-type='' \
+        --mech-types=krb5 host@lucid.test.h5l.se && { eval "$testfailed"; }
+${context} --client-name=user1@${R} --client-password=u2 --mech-type=krb5 \
+        --mech-types=krb5 host@lucid.test.h5l.se && { eval "$testfailed"; }
+${context} --client-name=user1@${R} --client-password=u2 --mech-type=all \
+        --mech-types=krb5 host@lucid.test.h5l.se && { eval "$testfailed"; }
+${context} --client-name=user1@${R} --client-password=u2 \
+        --mech-type=krb5,ntlm --mech-types=krb5 host@lucid.test.h5l.se \
+        && { eval "$testfailed"; }
+# gss_acquire_cred_with_password() must not have side-effects
+${klist} && { eval "$testfailed"; }
+
 echo "Getting client initial tickets" ; > messages.log
 ${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || \
 	{ eval "$testfailed"; }