Establishing client credentials (TGT etc.) with GSSAPI

[Chris]

I'm working on implementing Kerberos authentication from a C++ client
to a Java service.  The Java service wants a GSSAPI context.

Is it correct that, if you can't rely on default GSSAPI credentials
(i.e. login identity and pre-cached TGT), then a client should use
gss_acquire_credentials() to establish this?  I have tried this but
haven't had success and just want to make sure I'm on the right path.

I need to be able to explicitly set the client principal, realm, and
KDC - not just rely on login and client machine configuration - and
obtain a TGT (whether from local cache or the AS, possibly with a
password prompt), and then use this to call gss_init_context() which I
expect to request the actual service ticket.

Is gss_acquire_credentials() the right call?  Anyone know of any
sample code for this kind of explicit credentials configuration on the
client (i.e. gss_init_context) side?

TIA
- Chris