Its basically no different from "native" kerberos5 support - except it
  uses GSS-API which allows for other authentication mechanisms. I did
  this work so I could use GSI(Grid Security Infrastructure) as the
  underlying authentication method.

Thanks - now I understand what you've done - and why.  So you can use
GSI, but don't have any better coda security than others.  This is of
course useful, as you can maintain one fewer auth system.  So one
vision for the way forward involves replacing or augmenting the
current krb5 support with your GSS-API code, and then later
GSS-API-ification of rpc2.