Yes, the Solaris behavior (and the behavior Luke initially implemented) is that an AS request is always made and the creds always land in a unique MEMORY ccache. The caller can store those with gss_store_creds() if desired.