Index: freebsd-configure.sh
===================================================================
--- /dev/null
+++ freebsd-configure.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+configure_args="
+    --prefix=/usr
+    --sysconfdir=/etc/ssh
+    --with-pam
+    --with-tcp-wrappers
+    --with-libedit
+    --with-ssl-engine
+    --without-xauth
+" 
+
+set -e
+
+# generate config.h with krb5 and stash it
+sh configure $configure_args --with-kerberos5
+mv config.log config.log.orig
+mv config.h config.h.orig
+
+# generate config.h without krb5
+sh configure $configure_args --without-kerberos5
+
+# extract the difference
+echo '/* $Free''BSD$ */' > krb5_config.h
+diff -u config.h.orig config.h |
+	sed -n '/^-#define/s/^-//p' |
+	grep -Ff /dev/stdin config.h.orig >> krb5_config.h
Index: krb5_config.h
===================================================================
--- /dev/null
+++ krb5_config.h
@@ -0,0 +1,11 @@
+/* $FreeBSD$ */
+#define GSSAPI 1
+#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1
+#define HAVE_GSSAPI_GSSAPI_H 1
+#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
+#define HAVE_GSSAPI_H 1
+#define HAVE_KRB5_CC_NEW_UNIQUE 1
+#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
+#define HAVE_KRB5_GET_ERROR_MESSAGE 1
+#define HEIMDAL 1
+#define KRB5 1
Index: ssh-gss.h
===================================================================
--- ssh-gss.h
+++ ssh-gss.h
@@ -28,10 +28,10 @@
 
 #ifdef GSSAPI
 
-#ifdef HAVE_GSSAPI_H
-#include <gssapi.h>
-#elif defined(HAVE_GSSAPI_GSSAPI_H)
+#if defined(HAVE_GSSAPI_GSSAPI_H)
 #include <gssapi/gssapi.h>
+#elif defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
 #endif
 
 #ifdef KRB5
Index: sshd.c
===================================================================
--- sshd.c
+++ sshd.c
@@ -89,6 +89,13 @@
 #include <prot.h>
 #endif
 
+#ifdef __FreeBSD__
+#if defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H)
+#include <gssapi/gssapi.h>
+#elif defined(GSSAPI) && defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
+#endif
+#endif
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
@@ -2147,6 +2154,18 @@
 	ssh_signal(SIGQUIT, SIG_DFL);
 	ssh_signal(SIGCHLD, SIG_DFL);
 	ssh_signal(SIGINT, SIG_DFL);
+#ifdef GSSAPI
+	/*
+	 * Force GSS-API to parse its configuration and load any
+	 * mechanism plugins.
+	 */
+	{
+		gss_OID_set mechs;
+		OM_uint32 minor_status;
+		gss_indicate_mechs(&minor_status, &mechs);
+		gss_release_oid_set(&minor_status, &mechs);
+	}
+#endif
 
 #ifdef __FreeBSD__
 	/*