diff -ur openssh-4.5p1.orig/gss-genr.c openssh-4.5p1/gss-genr.c
--- openssh-4.5p1.orig/gss-genr.c 2006-08-29 21:08:04.000000000 -0400
+++ openssh-4.5p1/gss-genr.c 2007-09-10 16:19:50.000000000 -0400
@@ -235,22 +235,11 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
 {
 OM_uint32 status;
- char lname[MAXHOSTNAMELEN];
 gss_OID_set oidset;
 gss_create_empty_oid_set(&status, &oidset);
 gss_add_oid_set_member(&status, ctx->oid, &oidset);
- if (gethostname(lname, MAXHOSTNAMELEN)) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
-
- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
- }
-
 if ((ctx->major = gss_acquire_cred(&ctx->minor, ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
 ssh_gssapi_error(ctx);
diff -ur openssh-4.5p1.orig/gss-serv.c openssh-4.5p1/gss-serv.c
--- openssh-4.5p1.orig/gss-serv.c 2006-09-01 01:38:36.000000000 -0400
+++ openssh-4.5p1/gss-serv.c 2007-09-10 16:19:50.000000000 -0400
@@ -102,6 +102,8 @@
 {
 OM_uint32 status;
 gss_OID mech;
+ gss_name_t acceptor_name = GSS_C_NO_NAME;
+ gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER;
 ctx->major = gss_accept_sec_context(&ctx->minor, &ctx->context, ctx->creds, recv_tok,
@@ -116,6 +118,22 @@
 else debug("Got no client credentials");
+ ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL);
+
+ if (GSS_ERROR(ctx->major)) {
+ ssh_gssapi_error(ctx);
+ } else {
+ ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL);
+
+ if (GSS_ERROR(ctx->major)) {
+ ssh_gssapi_error(ctx);
+ } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) {
+ debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value);
+ ctx->major = GSS_S_BAD_NAME;
+ }
+ }
+ gss_release_buffer(&status, &acceptor_name_buffer);
+ gss_release_name(&status, &acceptor_name);
 status = ctx->major;
 /* Now, if we're complete and we have the right flags, then
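Review bot: The added block overwrites `ctx->major` with the status of `gss_inquire_context()` / `gss_display_name()` before `status = ctx->major` runs. The `@@ -102,6 +102,8 @@` hunk shows `ctx->major` holding the `gss_accept_sec_context()` result at that point, so a `GSS_S_CONTINUE_NEEDED` or failed accept can be replaced by whatever the name lookup returned, possibly `GSS_S_COMPLETE`. The gss-genr.c hunk drops the import of the local hostname, so this prefix test appears to be the only remaining limit on which acceptor principal is honoured and should fail closed: run it only when the accept status is `GSS_S_COMPLETE`, keep the lookup status in locals, and write `ctx->major` only on failure. The `debug()` call also passes `acceptor_name_buffer.value` to `%s` although a `gss_buffer_desc` is length-counted and not guaranteed to be NUL-terminated, and the mixed `||` / `&&` condition should carry explicit parentheses. The function begins and ends outside this hunk, so what follows `status = ctx->major` is inferred from the trailing comment.

```c
	/* … unchanged: client-credential debug messages … */

	/*
	 * Vet the acceptor name only once the context is fully established,
	 * and never replace the gss_accept_sec_context() status with a
	 * success code from the name lookup.
	 */
	if (ctx->major == GSS_S_COMPLETE) {
		OM_uint32 name_major, name_minor;

		name_major = gss_inquire_context(&name_minor, ctx->context, NULL,
		    &acceptor_name, NULL, NULL, NULL, NULL, NULL);
		if (!GSS_ERROR(name_major))
			name_major = gss_display_name(&name_minor, acceptor_name,
			    &acceptor_name_buffer, NULL);

		if (GSS_ERROR(name_major)) {
			ctx->major = name_major;
			ctx->minor = name_minor;
			ssh_gssapi_error(ctx);
		} else if (acceptor_name_buffer.length < 5 ||
		    (strncmp(acceptor_name_buffer.value, "host@", 5) != 0 &&
		    strncmp(acceptor_name_buffer.value, "host/", 5) != 0)) {
			debug("Accepting credential '%.*s' was not for the host service.",
			    (int)acceptor_name_buffer.length,
			    (char *)acceptor_name_buffer.value);
			ctx->major = GSS_S_BAD_NAME;
		}
	}
	/* … unchanged: gss_release_buffer(), gss_release_name(), status = ctx->major … */
```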