On Thu, May 31, 2012 at 4:32 PM, Sam Hartman <hartmans at mit.edu> wrote: > OK, do you need acceptor creds for that? To be general: yes. Think of a user2user mechanism... But for the RFC4121 mech the simple solution might be to record keytab filenames in the exported cred token, with a cookie for access control.