Patch eb3a145789b9eedd39b56e1d76f412435abaa747 adds code to rpc.svcgssd to set an expiration date for nfs contexts. (It doesn't work, but that's the subject of a different bug.) That code treats the date is int32. It is sent into the kernel using code that ends up as a printf %d. In 2038 the date will go negative. Because the kernel uses 64-bit dates I believe that will produce the wrong result. The code should use date_t, not int32_t. This is complicated by the fact that it gets the date from a Kerberos ticket. Kerberos declares date as int32. For historical reasons, they have decided to retain it as int32, but whenever there's a comparison or arithemtic that would break in 2038, they cast it (date_t)(u_int32_t). Thus Kerberos is considered safe for 2038, even though date is declared as signed 32 bit. I believe the code in svcgssdd should use this cast. All variables should be date_t. Anything retrieved from a Kerberos ticket should be cast (date_t)(u_int32_t).