Unfortunately I'm still using mechglue-branch at the moment. I have found numerous bugs that I'm sure you don't care about anymore but there was one issue that could conceivably exist in the new code.
The issue was that trying to acquire a credential could result in a redundant AS-REQ. It turned out to be lib/mechglue/g_acquire_cred.c:gss_acquire_cred was looping over all mechanisms. The problem was that with SPNEGO it did KRB5 twice, once for KRB5 mech and once through SPNEGO mech calling KRB5. I added a clause that checked for &mech->mech_type == GSS_SPNEGO_MECHANISM to skip that mech (unless it was explicitly specified). Please consider this condition wrt the new mechglue code if necessary. Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/