diff -urN old/files/5-stable/rsyslog.confd.krb new/files/5-stable/rsyslog.confd.krb
--- old/files/5-stable/rsyslog.confd.krb 1969-12-31 19:00:00.000000000 -0500
+++ new/files/5-stable/rsyslog.confd.krb 2012-09-13 10:26:08.563747496 -0400
@@ -0,0 +1,38 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/files/5-stable/rsyslog.confd,v 1.1 2010/10/21 07:38:29 dev-zero Exp $
+
+# Define the keytab to pull the kerberos 5 key from. Leave blank to disable
+# krb5 features in the init script
+KRB5_KTNAME="/etc/${SVCNAME}.keytab"
+
+# Define the kerberos 5 credentials cache file to utilize for the rsyslogd service
+# This file will be created on start by the k5start utility and owned by
+# the syslog user
+KRB5CCNAME="/tmp/krb5cc_${SVCNAME}"
+
+# Define the principle to obtain a kerberos 5 key for
+KRB5_PRINC="log/atom.warfaresdl.com"
+
+# Define the time (in minutes) to refresh kerberos credentials. Without this,
+# rsyslogd's credentials would eventually expire and no longer be able to send krb5
+# messages to your rsyslogd server. The setting below sets it to one minute before
+# 8 hours
+KRB5_TICKET_TIME=479
+
+# Define the k5start pid file
+KRB_PIDFILE="/var/run/k5rsyslogd.pid"
+
+# Configuration file
+CONFIGFILE="/etc/rsyslog.conf"
+
+# PID file
+PIDFILE="/var/run/rsyslogd.pid"
+
+# Options to rsyslogd
+# See rsyslogd(8) for more details
+# Notes:
+# * Do not specify another PIDFILE but use the variable above to change the location
+# * Do not specify another CONFIGFILE but use the variable above to change the location
+# * "-c5" tells rsyslog to _not_ run in sysklogd compatibility mode
+RSYSLOG_OPTS="-c5"
diff -urN old/files/5-stable/rsyslog.initd.krb new/files/5-stable/rsyslog.initd.krb
--- old/files/5-stable/rsyslog.initd.krb 1969-12-31 19:00:00.000000000 -0500
+++ new/files/5-stable/rsyslog.initd.krb 2012-09-13 10:24:56.927250742 -0400
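Review bot: `KRB5CCNAME="/tmp/krb5cc_${SVCNAME}"` puts the service's credential cache at a fixed, guessable name in world-writable /tmp, and rsyslog.initd.krb hands that path to a k5start launched by start-stop-daemon (presumably as root). Any local user can create that name first, so startup then depends on how the Kerberos library treats a pre-existing file; a root-owned directory avoids the question, e.g. `KRB5CCNAME="/var/run/krb5cc_${SVCNAME}"`. The comment above the setting also says the cache will be owned by the syslog user, but nothing on the k5start command line in rsyslog.initd.krb sets an owner, so either drop that sentence or make the script do it.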
@@ -0,0 +1,51 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/files/5-stable/rsyslog.initd,v 1.4 2012/08/24 14:40:14 ultrabug Exp $
+
+extra_started_commands="reload"
+
+depend() {
+ provide logger
+}
+
+start() {
+ if [ -n "${KRB5_KTNAME}" ] ; then
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon \
+ --start --quiet --exec /usr/bin/k5start --pidfile "${KRB_PIDFILE}" -e KRB5_KTNAME="${KRB5_KTNAME}" -e KRB5CCNAME="${KRB5CCNAME}" -- \
+ -bqf "${KRB5_KTNAME}" -K ${KRB5_TICKET_TIME} -p "${KRB_PIDFILE}" ${KRB5_PRINC} -- \
+ /usr/sbin/rsyslogd ${RSYSLOG_OPTS} -i "${PIDFILE}" -nf "${CONFIGFILE}"
+ eend $?
+ else
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon \
+ --start --quiet --exec /usr/sbin/rsyslogd --pidfile "${PIDFILE}" -- \
+ ${RSYSLOG_OPTS} -i "${PIDFILE}" -f "${CONFIGFILE}"
+ eend $?
+ fi
+}
+
+stop() {
+ ebegin "Stopping rsyslogd"
+ start-stop-daemon \
+ --stop --quiet --pidfile "${PIDFILE}"
+ eend $?
+}
+
+reload() {
+ if [ ! -f "${PIDFILE}" ]; then
+ eerror "rsyslogd not running"
+ return 1
+ fi
+
+ # Baselayout-1 users still use --stop and --oknodo
+ local USEROPT="--name rsyslogd"
+ if [ ! -f /etc/init.d/sysfs ]; then
+ USEROPT="--stop --oknodo"
+ fi
+
+ ebegin "Re-opening rsyslogd log files"
+ start-stop-daemon --signal HUP --pidfile "${PIDFILE}" ${USEROPT}
+ eend $?
+}
diff -urN old/rsyslog-5.8.11.ebuild new/rsyslog-5.8.11.ebuild
--- old/rsyslog-5.8.11.ebuild 2012-09-12 16:38:13.513559997 -0400
+++ new/rsyslog-5.8.11.ebuild 2012-09-13 10:33:17.084786472 -0400
@@ -19,7 +19,8 @@ RDEPEND="dbi? ( dev-db/libdbi ) extras? ( net-libs/libnet ) - kerberos? ( virtual/krb5 ) + kerberos? ( virtual/krb5 + app-crypt/kstart ) mysql? ( virtual/mysql ) postgres? ( dev-db/postgresql-base ) oracle? ( dev-db/oracle-instantclient-basic ) 
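Review bot: In the Kerberos branch of start() in rsyslog.initd.krb, `${KRB5_KTNAME}` is only tested for being non-empty before it is passed to `k5start -f`, so a missing or unreadable keytab surfaces only as whatever k5start happens to report. A guard such as `[ -r "${KRB5_KTNAME}" ] || { eerror "keytab ${KRB5_KTNAME} not readable"; return 1; }` before `ebegin` gives a clear failure. `${KRB5_TICKET_TIME}` and `${KRB5_PRINC}` are expanded unquoted on the k5start line, unlike the other variables there; quote them as `-K "${KRB5_TICKET_TIME}"` and `"${KRB5_PRINC}"`. stop() signals only `${PIDFILE}` and never references `${KRB_PIDFILE}`, so it is worth confirming that k5start exits and its pid file is cleaned up when rsyslogd stops.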
@@ -119,8 +120,13 @@ insinto /etc newins "${FILESDIR}/${BRANCH}/${PN}-gentoo.conf" ${PN}.conf - newconfd "${FILESDIR}/${BRANCH}/${PN}.confd" ${PN} - newinitd "${FILESDIR}/${BRANCH}/${PN}.initd" ${PN} + if use kerberos ; then + newconfd "${FILESDIR}/${BRANCH}/${PN}.confd.krb" ${PN} + newinitd "${FILESDIR}/${BRANCH}/${PN}.initd.krb" ${PN} + else + newconfd "${FILESDIR}/${BRANCH}/${PN}.confd" ${PN} + newinitd "${FILESDIR}/${BRANCH}/${PN}.initd" ${PN} + fi keepdir /var/spool/${PN} keepdir /etc/ssl/${PN} keepdir /etc/${PN}.d @@ -156,6 +162,11 @@ elog "once for each logging client. The client certificates will be signed" elog "using the CA certificate generated during the first run." fi + if use kerberos ; then + echo + elog "Remember to create a keytab file for ${PN} and configure" + elog "/etc/conf.d/${PN} as appropriate." + fi } pkg_config() {
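Review bot: With `use kerberos`, the `.confd.krb` file is installed as the live `/etc/conf.d/${PN}`, and that file ships with `KRB5_KTNAME` set and `KRB5_PRINC="log/atom.warfaresdl.com"`, so every USE=kerberos install takes the k5start branch by default and requests a principal for one specific host. The confd comment already says a blank `KRB5_KTNAME` disables the krb5 path; shipping `KRB5_KTNAME=""` and `KRB5_PRINC=""` would keep the service starting as before until the admin opts in. The elog added in the following hunk could then also remind the admin to keep the keytab readable by root only. The enclosing install function starts and ends outside this hunk.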