diff -up nfs-utils-1.3.0/utils/gssd/gssd.c.orig nfs-utils-1.3.0/utils/gssd/gssd.c

--- nfs-utils-1.3.0/utils/gssd/gssd.c.orig	2014-09-17 13:00:22.702932025 -0400

+++ nfs-utils-1.3.0/utils/gssd/gssd.c	2014-09-17 13:00:26.575004049 -0400

@@ -64,6 +64,7 @@ char *ccachesearch[GSSD_MAX_CCACHE_SEARC

 int  use_memcache = 0;

 int  root_uses_machine_creds = 1;

 unsigned int  context_timeout = 0;

+unsigned int  rpc_timeout = 5;

 char *preferred_realm = NULL;

 int pipefds[2] = { -1, -1 };

@@ -105,7 +106,7 @@ main(int argc, char *argv[])

 	char *progname;

 	memset(ccachesearch, 0, sizeof(ccachesearch));

-	while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:R:")) != -1) {

+	while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {

 		switch (opt) {

 			case 'f':

 				fg = 1;

@@ -143,6 +144,9 @@ main(int argc, char *argv[])

 			case 't':

 				context_timeout = atoi(optarg);

 				break;

+			case 'T':

+				rpc_timeout = atoi(optarg);

+				break;

 			case 'R':

 				preferred_realm = strdup(optarg);

 				break;

diff -up nfs-utils-1.3.0/utils/gssd/gssd.h.orig nfs-utils-1.3.0/utils/gssd/gssd.h

--- nfs-utils-1.3.0/utils/gssd/gssd.h.orig	2014-09-17 13:00:22.702932025 -0400

+++ nfs-utils-1.3.0/utils/gssd/gssd.h	2014-09-17 13:00:26.575004049 -0400

@@ -66,6 +66,7 @@ extern char			*ccachesearch[];

 extern int			use_memcache;

 extern int			root_uses_machine_creds;

 extern unsigned int 		context_timeout;

+extern unsigned int rpc_timeout;

 extern char			*preferred_realm;

 extern int			pipefds[2];

diff -up nfs-utils-1.3.0/utils/gssd/gssd.man.orig nfs-utils-1.3.0/utils/gssd/gssd.man

--- nfs-utils-1.3.0/utils/gssd/gssd.man.orig	2014-09-17 13:00:22.702932025 -0400

+++ nfs-utils-1.3.0/utils/gssd/gssd.man	2014-09-17 13:00:26.575004049 -0400

@@ -289,6 +289,14 @@ new kernel contexts to be negotiated aft

 seconds, which allows changing Kerberos tickets and identities frequently.

 The default is no explicit timeout, which means the kernel context will live

 the lifetime of the Kerberos service ticket used in its creation.

+.TP

+.B -T timeout

+Timeout, in seconds, to create an RPC connection with a server while

+establishing an authenticated gss context for a user.

+The default timeout is set to 5 seconds.

+If you get messages like "WARNING: can't create tcp rpc_clnt to server

+%servername% for user with uid %uid%: RPC: Remote system error -

+Connection timed out", you should consider an increase of this timeout.

 .SH SEE ALSO

 .BR rpc.svcgssd (8),

 .BR kerberos (1),

diff -up nfs-utils-1.3.0/utils/gssd/gssd_proc.c.orig nfs-utils-1.3.0/utils/gssd/gssd_proc.c

--- nfs-utils-1.3.0/utils/gssd/gssd_proc.c.orig	2014-09-17 13:00:22.702932025 -0400

+++ nfs-utils-1.3.0/utils/gssd/gssd_proc.c	2014-09-17 13:00:26.575004049 -0400

@@ -842,7 +842,7 @@ create_auth_rpc_client(struct clnt_info

 	OM_uint32		min_stat;

 	char			rpc_errmsg[1024];

 	int			protocol;

-	struct timeval		timeout = {5, 0};

+	struct timeval	timeout;

 	struct sockaddr		*addr = (struct sockaddr *) &clp->addr;

 	socklen_t		salen;

@@ -910,6 +910,10 @@ create_auth_rpc_client(struct clnt_info

 	if (!populate_port(addr, salen, clp->prog, clp->vers, protocol))

 		goto out_fail;

+	/* set the timeout according to the requested valued */

+	timeout.tv_sec = (long) rpc_timeout;

+	timeout.tv_usec = (long) 0;

+

 	rpc_clnt = nfs_get_rpcclient(addr, salen, protocol, clp->prog,

 				     clp->vers, &timeout);

 	if (!rpc_clnt) {