diff --git a/sbin/dump/Makefile b/sbin/dump/Makefile
index 0912d8ddb31..764a7d6e763 100644
--- a/sbin/dump/Makefile
+++ b/sbin/dump/Makefile
@@ -22,4 +22,11 @@ BINMODE=2555
 MAN8=	dump.8
 MLINKS+=dump.8 rdump.8
 
+.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
+.PATH:	${.CURDIR}/../../usr.bin/rlogin
+SRCS+=	krcmd.c kcmd.c
+LDADD+=	-lkrb -ldes
+CFLAGS+=-DKERBEROS
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/dump/dump.8 b/sbin/dump/dump.8
index c7a5be8c31a..b05d1da10f8 100644
--- a/sbin/dump/dump.8
+++ b/sbin/dump/dump.8
@@ -31,7 +31,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)dump.8	8.3 (Berkeley) 5/1/95
-.\"	$Id: dump.8,v 1.13 1997/03/11 12:09:31 peter Exp $
+.\"	$Id: dump.8,v 1.14 1997/03/15 06:23:57 peter Exp $
 .\"
 .Dd May 1, 1995
 .Dt DUMP 8
@@ -41,7 +41,7 @@
 .Nd filesystem backup
 .Sh SYNOPSIS
 .Nm dump
-.Op Fl 0123456789acnu
+.Op Fl 0123456789acknu
 .Op Fl B Ar records
 .Op Fl b Ar blocksize
 .Op Fl d Ar density
@@ -164,6 +164,11 @@ program is
 .Pa /etc/rmt ;
 this can be overridden by the environment variable
 .Ev RMT .
+.It Fl k
+Use Kerberos authentication to talk to remote tape servers.  (Only
+available if this option was enabled when
+.Nm dump
+was compiled.)
 .It Fl n
 Whenever
 .Nm dump
diff --git a/sbin/dump/dumprmt.c b/sbin/dump/dumprmt.c
index 59597897d5c..0be78667984 100644
--- a/sbin/dump/dumprmt.c
+++ b/sbin/dump/dumprmt.c
@@ -83,9 +83,12 @@ static	int rmtgetb __P((void));
 static	void rmtgetconn __P((void));
 static	void rmtgets __P((char *, int));
 static	int rmtreply __P((char *));
+#ifdef KERBEROS
+int	krcmd __P((char **, int /*u_short*/, char *, char *, int *, char *));
+#endif
 
 static	int errfd = -1;
-
+extern	int dokerberos;
 extern	int ntrec;		/* blocking factor on tape */
 
 int
@@ -147,9 +150,10 @@ rmtgetconn()
 	int throughput;
 
 	if (sp == NULL) {
-		sp = getservbyname("shell", "tcp");
+		sp = getservbyname(dokerberos ? "kshell" : "shell", "tcp");
 		if (sp == NULL) {
-			msg("shell/tcp: unknown service\n");
+			msg("%s/tcp: unknown service\n",
+			    dokerberos ? "kshell" : "shell");
 			exit(X_ABORT);
 		}
 		pwd = getpwuid(getuid());
@@ -169,8 +173,14 @@ rmtgetconn()
 	if ((rmt = getenv("RMT")) == NULL)
 		rmt = _PATH_RMT;
 	msg("");
-	rmtape = rcmd(&rmtpeer, (u_short)sp->s_port, pwd->pw_name, tuser,
-	    rmt, &errfd);
+#ifdef KERBEROS
+	if (dokerberos)
+		rmtape = krcmd(&rmtpeer, sp->s_port, tuser, rmt, &errfd,
+			       (char *)0);
+	else
+#endif
+		rmtape = rcmd(&rmtpeer, (u_short)sp->s_port, pwd->pw_name,
+			      tuser, rmt, &errfd);
 	if (rmtape < 0) {
 		msg("login to %s as %s failed.\n", rmtpeer, tuser);
 		return;
diff --git a/sbin/dump/main.c b/sbin/dump/main.c
index 5257efb7478..1b6553bc7ea 100644
--- a/sbin/dump/main.c
+++ b/sbin/dump/main.c
@@ -79,6 +79,7 @@ int	tapeno = 0;	/* current tape number */
 int	density = 0;	/* density in bytes/0.1" " <- this is for hilit19 */
 int	ntrec = NTREC;	/* # tape blocks in each tape record */
 int	cartridge = 0;	/* Assume non-cartridge tape */
+int	dokerberos = 0;	/* Use Kerberos authentication */
 long	dev_bsize = 1;	/* recalculated below */
 long	blocksperfile;	/* output blocks per file */
 char	*host = NULL;	/* remote host (if any) */
@@ -117,7 +118,13 @@ main(argc, argv)
 		usage();
 
 	obsolete(&argc, &argv);
-	while ((ch = getopt(argc, argv, "0123456789aB:b:cd:f:h:ns:T:uWw")) != -1)
+#ifdef KERBEROS
+#define optstring "0123456789aB:b:cd:f:h:kns:T:uWw"
+#else
+#define optstring "0123456789aB:b:cd:f:h:ns:T:uWw"
+#endif
+	while ((ch = getopt(argc, argv, optstring)) != -1)
+#undef optstring
 		switch (ch) {
 		/* dump level */
 		case '0': case '1': case '2': case '3': case '4':
@@ -171,6 +178,12 @@ main(argc, argv)
 			honorlevel = numarg("honor level", 0L, 10L);
 			break;
 
+#ifdef KERBEROS
+		case 'k':
+			dokerberos = 1;
+			break;
+#endif
+
 		case 'n':		/* notify operators */
 			notify = 1;
 			break;
@@ -481,9 +494,13 @@ main(argc, argv)
 static void
 usage()
 {
-
-	(void)fprintf(stderr, "usage: dump [-0123456789acnu] [-B records] [-b blocksize] [-d density] [-f file]\n            [-h level] [-s feet] [-T date] filesystem\n");
-	(void)fprintf(stderr, "       dump [-W | -w]\n");
+	fprintf(stderr, "usage: dump [-0123456789ac"
+#ifdef KERBEROS
+		"k"
+#endif
+		"nu] [-B records] [-b blocksize] [-d density] [-f file]\n"
+		"		[-h level] [-s feet] [-T date] filesystem\n"
+		"	dump [-W | -w]\n");
 	exit(1);
 }
 
diff --git a/sbin/restore/Makefile b/sbin/restore/Makefile
index 916e6f00949..65f0d559462 100644
--- a/sbin/restore/Makefile
+++ b/sbin/restore/Makefile
@@ -12,4 +12,11 @@ MAN8=	restore.8
 MLINKS+=restore.8 rrestore.8
 .PATH:	${.CURDIR}/../dump
 
+.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
+.PATH:	${.CURDIR}/../../usr.bin/rlogin
+SRCS+=	krcmd.c kcmd.c
+LDADD+=	-lkrb -ldes
+CFLAGS+=-DKERBEROS
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/restore/main.c b/sbin/restore/main.c
index dbb895b1afd..6cb87d8e132 100644
--- a/sbin/restore/main.c
+++ b/sbin/restore/main.c
@@ -62,6 +62,7 @@ static char sccsid[] = "@(#)main.c	8.6 (Berkeley) 5/4/95";
 
 int	bflag = 0, cvtflag = 0, dflag = 0, vflag = 0, yflag = 0;
 int	hflag = 1, mflag = 1, Nflag = 0;
+int	dokerberos = 0;
 char	command = '\0';
 long	dumpnum = 1;
 long	volno = 0;
@@ -96,7 +97,12 @@ main(argc, argv)
 	if ((inputdev = getenv("TAPE")) == NULL)
 		inputdev = _PATH_DEFTAPE;
 	obsolete(&argc, &argv);
-	while ((ch = getopt(argc, argv, "b:cdf:himNRrs:tvxy")) != -1)
+#ifdef KERBEROS
+#define	optlist "b:cdf:hikmNRrs:tvxy"
+#else
+#define	optlist "b:cdf:himNRrs:tvxy"
+#endif
+	while ((ch = getopt(argc, argv, optlist)) != -1)
 		switch(ch) {
 		case 'b':
 			/* Change default tape blocksize. */
@@ -119,6 +125,11 @@ main(argc, argv)
 		case 'h':
 			hflag = 0;
 			break;
+#ifdef KERBEROS
+		case 'k':
+			dokerberos = 1;
+			break;
+#endif
 		case 'i':
 		case 'R':
 		case 'r':
@@ -278,11 +289,11 @@ static void
 usage()
 {
 	(void)fprintf(stderr, "usage:\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n",
-	  "restore -i [-chmvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -r [-cvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -R [-cvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -x [-chmvy] [-b blocksize] [-f file] [-s fileno] [file ...]",
-	  "restore -t [-chvy] [-b blocksize] [-f file] [-s fileno] [file ...]");
+	  "restore -i [-chkmvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -r [-ckvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -R [-ckvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -x [-chkmvy] [-b blocksize] [-f file] [-s fileno] [file ...]",
+	  "restore -t [-chkvy] [-b blocksize] [-f file] [-s fileno] [file ...]");
 	done(1);
 }