diff --git a/krb5-1.6.3-netdb.patch b/krb5-1.6.3-netdb.patch
new file mode 100644
index 0000000..a6360e2
--- /dev/null
+++ b/krb5-1.6.3-netdb.patch
@@ -0,0 +1,242 @@
+While RFCs 2133 and 2553 mentioned that <netdb.h> defined NI_MAXHOST
+and NI_MAXSERV, there's no mention of that in RFC 3493, so I guess we
+can't depend on that any more.
+
+diff -up krb5-1.6.3/src/configure.in krb5-1.6.3/src/configure.in
+--- krb5-1.6.3/src/configure.in	2008-02-13 17:07:55.000000000 -0500
++++ krb5-1.6.3/src/configure.in	2008-02-13 17:07:55.000000000 -0500
+@@ -523,6 +523,32 @@ if test $krb5_cv_header_netdb_h_h_errno 
+ fi
+ dnl
+ dnl
++AC_MSG_CHECKING([for NI_MAXHOST in netdb.h])
++AC_CACHE_VAL(krb5_cv_header_netdb_h_NI_MAXHOST,
++[AC_TRY_COMPILE(
++	[#include <netdb.h>],
++	[int x = NI_MAXHOST;], krb5_cv_header_netdb_h_NI_MAXHOST=yes,
++	krb5_cv_header_netdb_h_NI_MAXHOST=no)])
++AC_MSG_RESULT($krb5_cv_header_netdb_h_NI_MAXHOST)
++if test $krb5_cv_header_netdb_h_NI_MAXHOST = yes; then
++    AC_DEFINE([HAVE_NETDB_H_NI_MAXHOST], 1,
++	[Define if netdb.h declares NI_MAXHOST])
++fi
++dnl
++dnl
++AC_MSG_CHECKING([for NI_MAXSERV in netdb.h])
++AC_CACHE_VAL(krb5_cv_header_netdb_h_NI_MAXSERV,
++[AC_TRY_COMPILE(
++	[#include <netdb.h>],
++	[int x = NI_MAXSERV;], krb5_cv_header_netdb_h_NI_MAXSERV=yes,
++	krb5_cv_header_netdb_h_NI_MAXSERV=no)])
++AC_MSG_RESULT($krb5_cv_header_netdb_h_NI_MAXSERV)
++if test $krb5_cv_header_netdb_h_NI_MAXSERV = yes; then
++    AC_DEFINE([HAVE_NETDB_H_NI_MAXSERV], 1,
++	[Define if netdb.h declares NI_MAXSERV])
++fi
++dnl
++dnl
+ AC_ARG_ENABLE([athena],
+ [  --enable-athena         build with MIT Project Athena configuration],
+ AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
+diff -up krb5-1.6.3/src/include/port-sockets.h krb5-1.6.3/src/include/port-sockets.h
+--- krb5-1.6.3/src/include/port-sockets.h	2006-03-11 17:23:28.000000000 -0500
++++ krb5-1.6.3/src/include/port-sockets.h	2008-02-13 17:12:54.000000000 -0500
+@@ -184,4 +184,16 @@ extern int socket (int, int, int) /*@*/;
+ # endif
+ #endif
+ 
++#ifdef HAVE_NETDB_H_NI_MAXHOST
++#define K5_NI_MAXHOST NI_MAXHOST
++#else
++#define K5_NI_MAXHOST 1025
++#endif
++
++#ifdef HAVE_NETDB_H_NI_MAXSERV
++#define K5_NI_MAXSERV NI_MAXSERV
++#else
++#define K5_NI_MAXSERV 32
++#endif
++
+ #endif /*_PORT_SOCKET_H*/
+diff -up krb5-1.6.3/src/appl/libpty/sane_hostname.c krb5-1.6.3/src/appl/libpty/sane_hostname.c
+--- krb5-1.6.3/src/appl/libpty/sane_hostname.c	2008-02-13 17:16:47.000000000 -0500
++++ krb5-1.6.3/src/appl/libpty/sane_hostname.c	2008-02-13 17:16:53.000000000 -0500
+@@ -41,7 +41,7 @@ pty_make_sane_hostname(const struct sock
+ 		       int strip_ldomain, int always_ipaddr, char **out)
+ {
+     struct addrinfo *ai = 0;
+-    char addrbuf[NI_MAXHOST];
++    char addrbuf[K5_NI_MAXHOST];
+ #ifdef HAVE_STRUCT_UTMP_UT_HOST
+     struct utmp ut;
+ #else
+diff -up krb5-1.6.3/src/appl/bsd/krshd.c krb5-1.6.3/src/appl/bsd/krshd.c
+--- krb5-1.6.3/src/appl/bsd/krshd.c	2008-02-13 17:17:41.000000000 -0500
++++ krb5-1.6.3/src/appl/bsd/krshd.c	2008-02-13 17:17:57.000000000 -0500
+@@ -494,10 +494,10 @@ char	shell[64] = "SHELL=";
+ char    term[64] = "TERM=network";
+ char	path_rest[] = RPATH;
+ 
+-char	remote_addr[64+NI_MAXHOST]; /* = "KRB5REMOTEADDR=" */
+-char	remote_port[64+NI_MAXSERV]; /* = "KRB5REMOTEPORT=" */
+-char	local_addr[64+NI_MAXHOST]; /* = "KRB5LOCALADDR=" */
+-char	local_port[64+NI_MAXSERV]; /* = "KRB5LOCALPORT=" */
++char	remote_addr[64+K5_NI_MAXHOST]; /* = "KRB5REMOTEADDR=" */
++char	remote_port[64+K5_NI_MAXSERV]; /* = "KRB5REMOTEPORT=" */
++char	local_addr[64+K5_NI_MAXHOST]; /* = "KRB5LOCALADDR=" */
++char	local_port[64+K5_NI_MAXSERV]; /* = "KRB5LOCALPORT=" */
+ #define ADDRPAD 0,0,0,0
+ #define KRBPAD 0		/* KRB5CCNAME, optional */
+ 
+@@ -631,9 +631,9 @@ void doit(f, fromp)
+ #endif  /* CRAY */
+     
+     int s = -1;
+-    char hostname[NI_MAXHOST];
++    char hostname[K5_NI_MAXHOST];
+     char *sane_host;
+-    char hostaddra[NI_MAXHOST];
++    char hostaddra[K5_NI_MAXHOST];
+     int aierr;
+     short port;
+     int pv[2], pw[2], px[2], cc;
+@@ -1510,7 +1510,7 @@ void doit(f, fromp)
+     }
+ 
+     {
+-      char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
++      char hbuf[K5_NI_MAXHOST], sbuf[K5_NI_MAXSERV];
+       int i;
+       /* these four are covered by ADDRPAD */
+ 
+diff -up krb5-1.6.3/src/appl/bsd/krlogind.c krb5-1.6.3/src/appl/bsd/krlogind.c
+--- krb5-1.6.3/src/appl/bsd/krlogind.c	2008-02-13 17:18:12.000000000 -0500
++++ krb5-1.6.3/src/appl/bsd/krlogind.c	2008-02-13 17:18:20.000000000 -0500
+@@ -604,7 +604,7 @@ void doit(f, fromp)
+ {
+     int p, t, on = 1;
+     char c;
+-    char hname[NI_MAXHOST];
++    char hname[K5_NI_MAXHOST];
+     char buferror[255];
+     struct passwd *pwd;
+ #ifdef POSIX_SIGNALS
+diff -up krb5-1.6.3/src/appl/bsd/kcmd.c krb5-1.6.3/src/appl/bsd/kcmd.c
+--- krb5-1.6.3/src/appl/bsd/kcmd.c	2008-02-13 17:17:14.000000000 -0500
++++ krb5-1.6.3/src/appl/bsd/kcmd.c	2008-02-13 17:17:23.000000000 -0500
+@@ -234,8 +234,8 @@ kcmd_connect (int *sp, int *addrfamilyp,
+     *host_save = strdup(ap->ai_canonname ? ap->ai_canonname : hname);
+ 
+     for (ap2 = ap; ap; ap = ap->ai_next) {
+-	char hostbuf[NI_MAXHOST];
+-	char portbuf[NI_MAXSERV];
++	char hostbuf[K5_NI_MAXHOST];
++	char portbuf[K5_NI_MAXSERV];
+ 	int oerrno;
+ 	int af = ap->ai_family;
+ 
+diff -up krb5-1.6.3/src/appl/telnet/telnetd/telnetd.c krb5-1.6.3/src/appl/telnet/telnetd/telnetd.c
+--- krb5-1.6.3/src/appl/telnet/telnetd/telnetd.c	2008-02-13 17:19:29.000000000 -0500
++++ krb5-1.6.3/src/appl/telnet/telnetd/telnetd.c	2008-02-13 17:19:33.000000000 -0500
+@@ -986,7 +986,7 @@ static void doit(who)
+ 	    /* Get name of connected client -- but we don't actually
+ 	       use it.  Just confirm that we can get it.  */
+ 	    int aierror;
+-	    char hostnamebuf[NI_MAXHOST];
++	    char hostnamebuf[K5_NI_MAXHOST];
+ 	    aierror = getnameinfo (who, socklen (who),
+ 				   hostnamebuf, sizeof (hostnamebuf), 0, 0,
+ 				   NI_NAMEREQD);
+diff -up krb5-1.6.3/src/appl/telnet/telnet/commands.c krb5-1.6.3/src/appl/telnet/telnet/commands.c
+--- krb5-1.6.3/src/appl/telnet/telnet/commands.c	2008-02-13 17:18:50.000000000 -0500
++++ krb5-1.6.3/src/appl/telnet/telnet/commands.c	2008-02-13 17:18:57.000000000 -0500
+@@ -124,7 +124,7 @@ static	unsigned long sourceroute(char *,
+ 
+ char	*hostname;
+ static char _hostname[MAXDNAME];
+-static char hostaddrstring[NI_MAXHOST];
++static char hostaddrstring[K5_NI_MAXHOST];
+ 
+ extern char *getenv();
+ 
+diff -up krb5-1.6.3/src/appl/sample/sclient/sclient.c krb5-1.6.3/src/appl/sample/sclient/sclient.c
+--- krb5-1.6.3/src/appl/sample/sclient/sclient.c	2008-02-13 17:20:00.000000000 -0500
++++ krb5-1.6.3/src/appl/sample/sclient/sclient.c	2008-02-13 17:20:07.000000000 -0500
+@@ -154,8 +154,8 @@ main(int argc, char *argv[])
+     /* set up the address of the foreign socket for connect() */
+     apstart = ap; /* For freeing later */
+     for (sock = -1; ap && sock == -1; ap = ap->ai_next) {
+-	char abuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+-	char mbuf[NI_MAXHOST + NI_MAXSERV + 64];
++	char abuf[K5_NI_MAXHOST], pbuf[K5_NI_MAXSERV];
++	char mbuf[K5_NI_MAXHOST + K5_NI_MAXSERV + 64];
+ 	if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf),
+ 			pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+ 	    memset(abuf, 0, sizeof(abuf));
+diff -up krb5-1.6.3/src/lib/krb5/os/sn2princ.c krb5-1.6.3/src/lib/krb5/os/sn2princ.c
+--- krb5-1.6.3/src/lib/krb5/os/sn2princ.c	2008-02-13 17:12:07.000000000 -0500
++++ krb5-1.6.3/src/lib/krb5/os/sn2princ.c	2008-02-13 17:12:09.000000000 -0500
+@@ -93,7 +93,7 @@ krb5_sname_to_principal(krb5_context con
+ 	if (type == KRB5_NT_SRV_HST) {
+ 	    struct addrinfo *ai, hints;
+ 	    int err;
+-	    char hnamebuf[NI_MAXHOST];
++	    char hnamebuf[K5_NI_MAXHOST];
+ 
+ 	    /* Note that the old code would accept numeric addresses,
+ 	       and if the gethostbyaddr step could convert them to
+diff -up krb5-1.6.3/src/kdc/network.c krb5-1.6.3/src/kdc/network.c
+--- krb5-1.6.3/src/kdc/network.c	2008-02-13 17:15:19.000000000 -0500
++++ krb5-1.6.3/src/kdc/network.c	2008-02-13 17:15:25.000000000 -0500
+@@ -489,7 +489,7 @@ setup_udp_port(void *P_data, struct sock
+ {
+     struct socksetup *data = P_data;
+     int sock = -1, i;
+-    char haddrbuf[NI_MAXHOST];
++    char haddrbuf[K5_NI_MAXHOST];
+     int err;
+     u_short port;
+ 
+diff -up krb5-1.6.3/src/clients/klist/klist.c krb5-1.6.3/src/clients/klist/klist.c
+--- krb5-1.6.3/src/clients/klist/klist.c	2008-02-13 17:16:02.000000000 -0500
++++ krb5-1.6.3/src/clients/klist/klist.c	2008-02-13 17:16:10.000000000 -0500
+@@ -670,7 +670,7 @@ void one_addr(a)
+ {
+     struct sockaddr_storage ss;
+     int err;
+-    char namebuf[NI_MAXHOST];
++    char namebuf[K5_NI_MAXHOST];
+ 
+     memset (&ss, 0, sizeof (ss));
+ 
+diff -up krb5-1.6.3/src/tests/resolve/addrinfo-test.c krb5-1.6.3/src/tests/resolve/addrinfo-test.c
+--- krb5-1.6.3/src/tests/resolve/addrinfo-test.c	2006-10-17 22:51:55.000000000 -0400
++++ krb5-1.6.3/src/tests/resolve/addrinfo-test.c	2008-02-13 17:21:11.000000000 -0500
+@@ -48,6 +48,18 @@
+ #include "fake-addrinfo.h"
+ #endif
+ 
++#ifdef NI_MAXHOST
++#define K5_NI_MAXHOST NI_MAXHOST
++#else
++#define K5_NI_MAXHOST 1025
++#endif
++
++#ifdef NI_MAXSERV
++#define K5_NI_MAXSERV NI_MAXSERV
++#else
++#define K5_NI_MAXSERV 32
++#endif
++
+ static const char *protoname (int p) {
+     static char buf[30];
+ 
+@@ -262,7 +274,7 @@ int main (int argc, char *argv[])
+ 
+ 
+     for (ap2 = ap; ap2; ap2 = ap2->ai_next) {
+-	char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
++	char hbuf[K5_NI_MAXHOST], pbuf[K5_NI_MAXSERV];
+ 	/* If we don't do this, even AIX's own getnameinfo will reject
+ 	   the sockaddr structures.  The sa_len field doesn't get set
+ 	   either, on AIX, but getnameinfo won't complain.  */
diff --git a/krb5.spec b/krb5.spec
index ade1839..36e6148 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -15,7 +15,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.3
-Release: 5%{?dist}
+Release: 6%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -94,6 +94,7 @@ Patch64: krb5-ok-as-delegate.patch
 Patch68: krb5-trunk-spnego_delegation.patch
 Patch69: krb5-trunk-seqnum.patch
 Patch70: krb5-trunk-kpasswd_tcp2.patch
+Patch71: krb5-1.6.3-netdb.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@@ -224,6 +225,9 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.
 
 %changelog
+* Wed Feb 13 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-6
+- patch to avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV
+
 * Tue Feb 12 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-5
 - enable patch for key-expiration reporting
 - enable patch to make kpasswd fall back to TCP if UDP fails
@@ -1290,6 +1294,7 @@ popd
 %patch68 -p0 -b .spnego_delegation
 %patch69 -p0 -b .seqnum
 #%patch70 -p0 -b .kpasswd_tcp2
+%patch71 -p1 -b .netdb
 cp src/krb524/README README.krb524
 gzip doc/*.ps