diff --git a/include/ldap.h b/include/ldap.h
index b920ab0917736da481db94b59d479a57842dbba0..00cfeb50521e61563405d9586b17ae2095181e4c 100644
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -187,6 +187,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_SASL_MECHLIST		0x610a /* read-only */
 #define LDAP_OPT_X_SASL_NOCANON			0x610b
 #define LDAP_OPT_X_SASL_USERNAME		0x610c /* read-only */
+#define LDAP_OPT_X_SASL_GSS_CREDS		0x610d
 
 /* OpenLDAP GSSAPI options */
 #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT      0x6200
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index 5843f0c08e2129779753af3acab5d2375dcb2acf..9e5de05690faae9a8d95209227c751c25d49c275 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -1042,6 +1042,23 @@ ldap_int_sasl_get_option( LDAP *ld, int option, void *arg )
 			/* this option is write only */
 			return -1;
 
+		case LDAP_OPT_X_SASL_GSS_CREDS: {
+			sasl_conn_t *ctx;
+			int sc;
+
+			if ( ld->ld_defconn == NULL )
+				return -1;
+
+			ctx = ld->ld_defconn->lconn_sasl_authctx;
+			if ( ctx == NULL )
+				return -1;
+
+			sc = sasl_getprop( ctx, SASL_GSS_CREDS, arg );
+			if ( sc != SASL_OK )
+				return -1;
+			}
+			break;
+
 		default:
 			return -1;
 	}
@@ -1124,6 +1141,23 @@ ldap_int_sasl_set_option( LDAP *ld, int option, void *arg )
 		return sc == LDAP_SUCCESS ? 0 : -1;
 		}
 
+	case LDAP_OPT_X_SASL_GSS_CREDS: {
+		sasl_conn_t *ctx;
+		int sc;
+
+		if ( ld->ld_defconn == NULL )
+			return -1;
+
+		ctx = ld->ld_defconn->lconn_sasl_authctx;
+		if ( ctx == NULL )
+			return -1;
+
+		sc = sasl_setprop( ctx, SASL_GSS_CREDS, arg );
+		if ( sc != SASL_OK )
+			return -1;
+		}
+		break;
+
 	default:
 		return -1;
 	}