diff -up cyrus-sasl-2.1.25/plugins/gssapi.c.release-server_creds cyrus-sasl-2.1.25/plugins/gssapi.c
--- cyrus-sasl-2.1.25/plugins/gssapi.c.release-server_creds	2012-12-07 12:57:14.000000000 +0100
+++ cyrus-sasl-2.1.25/plugins/gssapi.c	2012-12-07 12:58:11.122533870 +0100
@@ -829,6 +829,11 @@ gssapi_server_mech_step(void *conn_conte
 	}
 
 	if (maj_stat == GSS_S_COMPLETE) {
+	    /* Release server creds which are no longer needed */
+            if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
+	        maj_stat = gss_release_cred(&min_stat, &text->server_creds);
+	        text->server_creds = GSS_C_NO_CREDENTIAL;
+            }
 	    /* Switch to ssf negotiation */
 	    text->state = SASL_GSSAPI_STATE_SSFCAP;