diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
index 767ac1470..4aec29429 100644
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -391,6 +391,20 @@ init_auth
 goto failure;
+ /*
+ * This is hideous glue for (NFS) clients that wants to limit the
+ * available enctypes to what it can support (encryption in
+ * kernel). If there is no enctypes selected for this credential,
+ * reset it to the default set of enctypes.
+ */
+ {
+ krb5_enctype *enctypes = NULL;
+
+ if (initiator_cred_handle && initiator_cred_handle->enctypes)
+ enctypes = initiator_cred_handle->enctypes;
+ krb5_set_default_in_tkt_etypes(context, enctypes);
+ }
+
 ret = gsskrb5_get_creds(minor_status, context, ccache,
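Review bot: The result of `krb5_set_default_in_tkt_etypes(context, enctypes)` in the added block is discarded, so if the call fails the context keeps whatever enctype list it held before and `gsskrb5_get_creds` proceeds as though the credential's restriction had been applied. For a restriction meant to keep out enctypes the consumer cannot handle, that is a fail-open path. I would check the result and leave through the existing error path, along the lines of `if (krb5_set_default_in_tkt_etypes(context, enctypes) != 0) goto failure;`, with the error code also carried into the minor status. How the `failure` label reports status is outside the hunk, as are the start and end of `init_auth`. The block comment could also say that the setting is applied to the whole `context` and stays in effect after this call, which is presumably why the NULL case resets it to the defaults.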