diff --git a/src/afs/IRIX/osi_idbg.c b/src/afs/IRIX/osi_idbg.c
index 5d9b683a45..89d021cba2 100644
--- a/src/afs/IRIX/osi_idbg.c
+++ b/src/afs/IRIX/osi_idbg.c
@@ -141,7 +141,7 @@ idbg_pruser(struct unixuser *tu)
     token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);
 
     qprintf("@0x%x nxt 0x%x uid %d (0x%x) cell 0x%x vid 0x%x ref %d\n", tu,
-	    tu->next, tu->uid, tu->uid, tu->cell, tu->vid, tu->refCount);
+	    tu->next, tu->uid, tu->uid, tu->cell, tu->viceId, tu->refCount);
     qprintf("time %dRX_SECIDX_KADstLen %d stp 0x%x exp 0x%x ", tu->tokenTime,
 	    (token != NULL)?token->rxkad.ticketLen:0,
 	    (token != NULL)?token->rxkad.ticket:NULL,
@@ -150,7 +150,7 @@ idbg_pruser(struct unixuser *tu)
     qprintf("\n");
     qprintf("ClearToken: handle 0x%x ViceID 0x%x Btime %d Etime %d\n",
 	    (token != NULL)?token->rxkad.clearToken.AuthHandle:0,
-	    tu->vid,
+	    tu->viceId,
 	    (token != NULL)?token->rxkad.clearToken.BeginTimestamp:0,
 	    (token != NULL)?token->rxkad.clearToken.EndTimestamp:0);
 }
diff --git a/src/afs/LINUX/osi_proc.c b/src/afs/LINUX/osi_proc.c
index ee9accf3b6..140a99051e 100644
--- a/src/afs/LINUX/osi_proc.c
+++ b/src/afs/LINUX/osi_proc.c
@@ -196,7 +196,7 @@ static int uu_show(struct seq_file *m, void *p)
     }
 
     seq_printf(m, "%10d %4d %04x    %-25s %10d",
-	       tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+	       tu->uid, tu->refCount, tu->states, cellname, tu->viceId);
 
     if (tc) afs_PutCell(tc, READ_LOCK);
 
diff --git a/src/afs/LINUX24/osi_proc.c b/src/afs/LINUX24/osi_proc.c
index a77766e3b7..4e485ff013 100644
--- a/src/afs/LINUX24/osi_proc.c
+++ b/src/afs/LINUX24/osi_proc.c
@@ -192,7 +192,7 @@ static int uu_show(struct seq_file *m, void *p)
     }
 
     seq_printf(m, "%10d %4d %04x    %-25s %10d",
-	       tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+	       tu->uid, tu->refCount, tu->states, cellname, tu->viceId);
 
     if (tc) afs_PutCell(tc, READ_LOCK);
 
diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c
index eabcfebe2b..ae790cfbae 100644
--- a/src/afs/VNOPS/afs_vnop_access.c
+++ b/src/afs/VNOPS/afs_vnop_access.c
@@ -79,8 +79,7 @@ afs_GetAccessBits(struct vcache *avc, afs_int32 arights,
 	if (!tu) {
 	    return (arights & avc->f.anyAccess);
 	}
-	if ((tu->vid == UNDEFVID) || !(tu->states & UHasTokens)
-	    || (tu->states & UTokensBad)) {
+	if (!(tu->states & UHasTokens) || (tu->states & UTokensBad)) {
 	    afs_PutUser(tu, READ_LOCK);
 	    return (arights & avc->f.anyAccess);
 	} else {
diff --git a/src/afs/afs.h b/src/afs/afs.h
index 064ba2b20b..f1285bc0ce 100644
--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -357,7 +357,7 @@ struct unixuser {
     struct unixuser *next;	/* next hash pointer */
     afs_int32 uid;		/* search based on uid and cell */
     afs_int32 cell;
-    afs_int32 vid;		/* corresponding vice id in specified cell */
+    afs_int32 viceId;		/* Optional viced ID corresponding to current tokens */
     short refCount;		/* reference count for allocation */
     char states;		/* flag info */
     afs_int32 tokenTime;	/* last time tokens were set, used for timing out conn data */
diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c
index 1834e6d88c..22b36e75a2 100644
--- a/src/afs/afs_analyze.c
+++ b/src/afs/afs_analyze.c
@@ -545,7 +545,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
 		afs_NotifyUser(tu, UTokensDropped);
 		afs_warnuser
 		    ("afs: Tokens for user of AFS id %d for cell %s have expired (server %d.%d.%d.%d)\n",
-		     tu->vid, aconn->srvr->server->cell->cellName,
+		     tu->viceId, aconn->srvr->server->cell->cellName,
 		     (address >> 24), (address >> 16) & 0xff,
 		     (address >> 8) & 0xff, (address) & 0xff);
 	    } else {
@@ -555,7 +555,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
 		if (serversleft) {
 		    afs_warnuser
 			("afs: Tokens for user of AFS id %d for cell %s: rxkad error=%d (server %d.%d.%d.%d)\n",
-			 tu->vid, aconn->srvr->server->cell->cellName, acode,
+			 tu->viceId, aconn->srvr->server->cell->cellName, acode,
 			 (address >> 24), (address >> 16) & 0xff,
 			 (address >> 8) & 0xff, (address) & 0xff);
 		    shouldRetry = 1;
@@ -566,7 +566,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
 		    afs_NotifyUser(tu, UTokensDropped);
 		    afs_warnuser
 			("afs: Tokens for user of AFS id %d for cell %s are discarded (rxkad error=%d, server %d.%d.%d.%d)\n",
-			 tu->vid, aconn->srvr->server->cell->cellName, acode,
+			 tu->viceId, aconn->srvr->server->cell->cellName, acode,
 			 (address >> 24), (address >> 16) & 0xff,
 			 (address >> 8) & 0xff, (address) & 0xff);
 		}
diff --git a/src/afs/afs_conn.c b/src/afs/afs_conn.c
index e725bb1fd0..919d029b88 100644
--- a/src/afs/afs_conn.c
+++ b/src/afs/afs_conn.c
@@ -72,7 +72,7 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
     union tokenUnion *token;
 
     /* Do we have tokens ? */
-    if (conn->user->vid != UNDEFVID) {
+    if (conn->user->states & UHasTokens) {
 	token = afs_FindToken(conn->user->tokens, RX_SECIDX_KAD);
 	if (token) {
 	    *secLevel = RX_SECIDX_KAD;
@@ -83,6 +83,8 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
 			       token->rxkad.clearToken.HandShakeKey,
 		         token->rxkad.clearToken.AuthHandle,
 		         token->rxkad.ticketLen, token->rxkad.ticket);
+	    /* We're going to use this token, so populate the viced */
+	    conn->user->viceId = token->rxkad.clearToken.ViceId;
 	}
      }
      if (secObj == NULL) {
@@ -269,7 +271,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
 	if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
 	    tc->forceConnectFS = 1;	/* force recreation of connection */
 	}
-	tu->vid = UNDEFVID;	/* forcibly disconnect the authentication info */
+	tu->states &= ~UHasTokens;      /* remove the authentication info */
     }
 
     if (tc->forceConnectFS) {
@@ -308,7 +310,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
 	 * Will need to be revisited if/when CB gets security.
 	 */
 	if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
-	    (tu->vid == UNDEFVID))
+	    (tu->viceId == UNDEFVID))
 	    rx_SetConnSecondsUntilNatPing(tc->id, 20);
 
 	tc->forceConnectFS = 0;	/* apparently we're appropriately connected now */
diff --git a/src/afs/afs_nfsclnt.c b/src/afs/afs_nfsclnt.c
index bfb4f6b8cb..612a973661 100644
--- a/src/afs/afs_nfsclnt.c
+++ b/src/afs/afs_nfsclnt.c
@@ -399,7 +399,7 @@ afs_nfsclient_getcreds(struct unixuser *au)
 	token->clearToken.EndTimestamp   = tcred->ct.EndTimestamp;
 
 	/* Set everything else, reset connections, and move on. */
-	tu->vid = tcred->vid;
+	tu->viceId = tcred->vid;
 	tu->states |= UHasTokens;
 	tu->states &= ~UTokensBad;
 	afs_SetPrimary(tu, !!(tcred->states & UPrimary));
diff --git a/src/afs/afs_pag_cred.c b/src/afs/afs_pag_cred.c
index 4da747f5ff..3a0c2c52e2 100644
--- a/src/afs/afs_pag_cred.c
+++ b/src/afs/afs_pag_cred.c
@@ -108,8 +108,8 @@ afspag_PUnlog(char *ain, afs_int32 ainSize, afs_ucred_t **acred)
     ObtainWriteLock(&afs_xuser, 823);
     for (tu = afs_users[i]; tu; tu = tu->next) {
 	if (tu->uid == uid) {
-	    tu->vid = UNDEFVID;
 	    tu->states &= ~UHasTokens;
+	    tu->viceId = UNDEFVID;
 	    afs_FreeTokens(&tu->tokens);
 #ifdef UKERNEL
 	    /* set the expire times to 0, causes
@@ -191,7 +191,6 @@ afspag_PSetTokens(char *ain, afs_int32 ainSize, afs_ucred_t **acred)
     tu = afs_GetUser(uid, tcell->cellnum, WRITE_LOCK);
     if (!tu->cellinfo)
 	tu->cellinfo = (void *)tcell;
-    tu->vid = clear.ViceId;
     afs_FreeTokens(&tu->tokens);
     afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
 #ifndef AFS_NOSTATS
@@ -259,7 +258,7 @@ SPAGCB_GetCreds(struct rx_call *a_call, afs_int32 a_uid,
 	    token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);
 
 	    tci = &a_creds->CredInfos_val[i];
-	    tci->vid               = tu->vid;
+	    tci->vid		   = token->rxkad.clearToken.ViceId;
 	    tci->ct.AuthHandle     = token->rxkad.clearToken.AuthHandle;
 	    memcpy(tci->ct.HandShakeKey,
 		   token->rxkad.clearToken.HandShakeKey, 8);
diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 48b7130d77..ae5488bd68 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1873,7 +1873,6 @@ DECL_PIOCTL(PSetTokens)
     }
     /* now we just set the tokens */
     tu = afs_GetUser(areq->uid, i, WRITE_LOCK);	/* i has the cell # */
-    tu->vid = clear.ViceId;
     /* Set tokens destroys any that are already there */
     afs_FreeTokens(&tu->tokens);
     afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
@@ -2278,7 +2277,7 @@ DECL_PIOCTL(PGetTokens)
     if (!tu) {
 	return EDOM;
     }
-    if (((tu->states & UHasTokens) == 0)
+    if (!(tu->states & UHasTokens)
 	|| !afs_HasUsableTokens(tu->tokens, osi_Time())) {
 	tu->states |= (UTokensBad | UNeedsReset);
 	afs_NotifyUser(tu, UTokensDropped);
@@ -2358,7 +2357,6 @@ DECL_PIOCTL(PUnlog)
     ObtainWriteLock(&afs_xuser, 227);
     for (tu = afs_users[i]; tu; tu = tu->next) {
 	if (tu->uid == areq->uid) {
-	    tu->vid = UNDEFVID;
 	    tu->states &= ~UHasTokens;
 	    afs_FreeTokens(&tu->tokens);
 	    tu->refCount++;
@@ -5234,7 +5232,6 @@ DECL_PIOCTL(PNFSNukeCreds)
     for (i = 0; i < NUSERS; i++) {
 	for (tu = afs_users[i]; tu; tu = tu->next) {
 	    if (tu->exporter && EXP_CHECKHOST(tu->exporter, addr)) {
-		tu->vid = UNDEFVID;
 		tu->states &= ~UHasTokens;
 		afs_FreeTokens(&tu->tokens);
 		tu->refCount++;
diff --git a/src/afs/afs_user.c b/src/afs/afs_user.c
index 7da47d0563..f53ef928c9 100644
--- a/src/afs/afs_user.c
+++ b/src/afs/afs_user.c
@@ -115,7 +115,7 @@ afs_GCUserData(int aforce)
 	    delFlag = 0;	/* should we delete this dude? */
 	    /* Don't garbage collect users in use now (refCount) */
 	    if (tu->refCount == 0) {
-		if (tu->states & UHasTokens) {
+		if (tu->tokens) {
 		    /* Need to walk the token stack, and dispose of
 		     * all expired tokens */
 		    afs_DiscardExpiredTokens(&tu->tokens, now);
@@ -178,18 +178,12 @@ afs_CheckTokenCache(void)
 	     * If tokens are still good and user has Kerberos tickets,
 	     * check expiration
 	     */
-	    if (!(tu->states & UTokensBad) && tu->vid != UNDEFVID) {
+	    if ((tu->states & UHasTokens) && !(tu->states & UTokensBad)) {
 		if (!afs_HasUsableTokens(tu->tokens, now)) {
 		    /*
 		     * This token has expired, warn users and reset access
 		     * cache.
 		     */
-#ifdef notdef
-		    /* I really hate this message - MLK */
-		    afs_warn
-			("afs: Tokens for user of AFS id %d for cell %s expired now\n",
-			 tu->vid, afs_GetCell(tu->cell)->cellName);
-#endif
 		    tu->states |= (UTokensBad | UNeedsReset);
 		}
 	    }
@@ -202,7 +196,6 @@ afs_CheckTokenCache(void)
     }
     ReleaseReadLock(&afs_xuser);
     ReleaseReadLock(&afs_xvcache);
-
 }				/*afs_CheckTokenCache */
 
 
@@ -352,7 +345,7 @@ afs_ComputePAGStats(void)
 	     * We've found a previously-uncounted PAG.  If it's been deleted
 	     * but just not garbage-collected yet, we step over it.
 	     */
-	    if (currPAGP->vid == UNDEFVID)
+	    if (!(currPAGP->states & UHasTokens))
 		continue;
 
 	    /*
@@ -495,7 +488,7 @@ afs_GetUser(afs_int32 auid, afs_int32 acell, afs_int32 locktype)
     }
     tu->uid = auid;
     tu->cell = acell;
-    tu->vid = UNDEFVID;
+    tu->viceId = UNDEFVID;
     tu->refCount = 1;
     tu->tokenTime = osi_Time();
     ReleaseWriteLock(&afs_xuser);