Thanks Mukul.. but that didnt help much... what I really need to get at is how one can get the principal's long term key so as to decrypt the kerberos session ticket and get the underlying ticket to decrypt the rest of the kerberized stream Thanks Lyle