I'm in the process of porting a home-grown Kerberos application
that uses the GSSAPI and its own TGT.  Ok so far.  The problem
is that we have been passing the TGT into gss_accept_sec_context
(using another vendor's Kerberos) and this no longer works.
gss_accept_sec_context only appears to handle AP_REQ's - not
AS_REQ's or TGS_REQ's.  See:

src/lib/krb5/krb/rd_req.c

I've not yet embarked on making any changes to the GSSAPI to
handle this and before I do so, I'd like to ask if there are
any particular reasons why it is like this and/or what is the
correct way to deal with this ?

I also notice that the GSSAPI OID has changed ?  Looking at our
old messages, it was 1.3.5.1.5.2 and is now 1.2.840.113554.1.2.2.

Darren