--- mount/nfsmount.c.orig 2006-03-17 19:42:33.000000000 +1100
+++ mount/nfsmount.c 2006-03-17 19:56:55.000000000 +1100
@@ -119,8 +119,10 @@ find_kernel_nfs_mount_version(void) {
 nfs_mount_version = 4; /* since 2.2.18pre9 */
 else if (kernel_version < MAKE_VERSION(2,3,99))
 nfs_mount_version = 3;
+ else if (kernel_version < MAKE_VERSION(2,6,3))
+ nfs_mount_version = 4;
 else
- nfs_mount_version = 4; /* since 2.3.99pre4 */
+ nfs_mount_version = 6;
 }
 if (nfs_mount_version > NFS_MOUNT_VERSION)
 nfs_mount_version = NFS_MOUNT_VERSION;
@@ -320,7 +322,6 @@ int nfsmount(const char *spec, const cha
 #if NFS_MOUNT_VERSION >= 2
 data.namlen = NAME_MAX;
 #endif
- bg = 0;
 soft = 0;
 intr = 0;
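Review bot: In find_kernel_nfs_mount_version (hunk @@ -119,8) the rewritten ladder drops the `/* since 2.3.99pre4 */` comment and gives no reason for the jump from 4 to 6, although this value later decides whether a `sec=` option is honoured or ignored. Keep the old comment on the new `nfs_mount_version = 4;` line and annotate the last branch, for example `nfs_mount_version = 6; /* 2.6.3 and later; >= 5 is needed for sec= */`. The cap against NFS_MOUNT_VERSION right below still applies, so a binary built against older headers ends up below 5 regardless of the running kernel. The function starts above the hunk.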
@@ -402,6 +403,38 @@ int nfsmount(const char *spec, const cha
 printf(_("Warning: Option namlen is not supported.\n"));
 } else if (!strcmp(opt, "addr")) {
 /* ignore */;
+#if NFS_MOUNT_VERSION >= 5
+ } else if (!strcmp(opt, "sec")) {
+ char *secflavor = opteq+1;
+ /* see RFC 2623 */
+ if (nfs_mount_version < 5) {
+ printf(_("Warning: this version of mount(1) does not support RPCSEC_GSS, ignoring sec=%s option\n"), secflavor);
+ continue;
+ } else if (!strcmp(secflavor, "sys"))
+ data.pseudoflavor = AUTH_SYS;
+ else if (!strcmp(secflavor, "krb5"))
+ data.pseudoflavor = AUTH_GSS_KRB5;
+ else if (!strcmp(secflavor, "krb5i"))
+ data.pseudoflavor = AUTH_GSS_KRB5I;
+ else if (!strcmp(secflavor, "krb5p"))
+ data.pseudoflavor = AUTH_GSS_KRB5P;
+ else if (!strcmp(secflavor, "lipkey"))
+ data.pseudoflavor = AUTH_GSS_LKEY;
+ else if (!strcmp(secflavor, "lipkey-i"))
+ data.pseudoflavor = AUTH_GSS_LKEYI;
+ else if (!strcmp(secflavor, "lipkey-p"))
+ data.pseudoflavor = AUTH_GSS_LKEYP;
+ else if (!strcmp(secflavor, "spkm3"))
+ data.pseudoflavor = AUTH_GSS_SPKM;
+ else if (!strcmp(secflavor, "spkm3i"))
+ data.pseudoflavor = AUTH_GSS_SPKMI;
+ else if (!strcmp(secflavor, "spkm3p"))
+ data.pseudoflavor = AUTH_GSS_SPKMP;
+ else if(!sloppy) {
+ printf(_("Warning: Unrecognized security flavor %s.\n"), secflavor);
+ goto fail;
+ }
+#endif
 } else {
 printf(_("unknown nfs mount parameter: "
 "%s=%d\n"), opt, val);
@@ -474,6 +507,11 @@ retry_udp:
 data.flags |= (noacl ? NFS_MOUNT_NOACL : 0);
 }
 #endif
+#if NFS_MOUNT_VERSION >= 5
+ if ((nfs_mount_version >= 5) && data.pseudoflavor) {
+ data.flags |= NFS_MOUNT_SECFLAVOUR;
+ }
+#endif
 if (nfsvers > MAX_NFSPROT) {
 fprintf(stderr, "NFSv%d not supported!\n", nfsvers);
 return 0;
@@ -510,6 +548,9 @@ retry_udp:
 printf("tcp = %d\n", (data.flags & NFS_MOUNT_TCP) != 0);
 #endif
+#if NFS_MOUNT_VERSION >= 5
+ printf("sec = %u\n", data.pseudoflavor);
+#endif
 #endif
 data.version = nfs_mount_version;
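Review bot: In the `sec` branch (hunk @@ -402,6) a mount version below 5 turns the requested flavour into a printed warning followed by `continue;`, so a mount requested with, say, `sec=krb5p` goes ahead with whatever authentication the kernel uses by default (presumably AUTH_SYS). A security option should fail closed here: put `if (strcmp(secflavor, "sys") != 0) goto fail;` ahead of the `continue;`, so that only a request for the default flavour is skipped. The same silent fallback happens for an unrecognised flavour when `sloppy` is set, because the final `else if(!sloppy)` leaves `data.pseudoflavor` untouched; a comment saying this is intended would help. nfsmount() begins and ends outside the hunk.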
@@ -717,6 +758,30 @@ retry_udp:
 nfs_strerror(status.nfsv3.fhs_status));
 goto fail;
 }
+#if NFS_MOUNT_VERSION >= 5
+ if (data.pseudoflavor) {
+ mountres3_ok *mountres = &status.nfsv3.mountres3_u.mountinfo;
+ int i = mountres->auth_flavours.auth_flavours_len;
+
+ if (i > 0) {
+ int *flavor = mountres->auth_flavours.auth_flavours_val;
+ while (--i >= 0) {
+ if (flavor[i] == data.pseudoflavor) {
+ break;
+ }
+ }
+
+ if (i < 0) {
+ fprintf(stderr,
+ "mount: %s:%s failed, security flavor not supported\n",
+ hostname, dirname);
+ mountproc3_umnt_3(&dirname,mclient);
+ goto fail;
+ }
+ }
+ }
+#endif
+
 fhandle = &status.nfsv3.mountres3_u.mountinfo.fhandle;
 memset(data.old_root.data, 0, NFS_FHSIZE);
 memset(&data.root, 0, sizeof(data.root));
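Review bot: The flavour check on the NFSv3 reply is skipped whenever `i > 0` is false, which covers an empty server list and also a count that goes negative when `auth_flavours_len` is stored in the signed `int i` (rpcgen normally declares that field unsigned; confirm against the generated header). In both cases the mount continues with no comparison and no comment saying that this is intended. Holding the count in the field's own type and tracking the result in a separate `found` flag, instead of reusing `i` as length, index and result, makes the accept-on-empty policy explicit. The error message would also be more useful if it named the flavour that was rejected. The enclosing function continues outside the hunk.

```c
	if (data.pseudoflavor) {
		mountres3_ok *mountres = &status.nfsv3.mountres3_u.mountinfo;
		u_int nflav = mountres->auth_flavours.auth_flavours_len;
		int *flavor = mountres->auth_flavours.auth_flavours_val;
		u_int k;
		/* an empty list is treated as "no restriction stated by the server" */
		int found = (nflav == 0);

		for (k = 0; k < nflav && !found; k++)
			found = (flavor[k] == data.pseudoflavor);

		if (!found) {
			/* … unchanged: error message, mountproc3_umnt_3(), goto fail … */
		}
	}
```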