Hi All Please review
http://cr.openjdk.java.net/~weijun/6355584/webrev.00/ This enables 2 changes: 1. As an initiator, you can call ((ExtendedGSSCredential)cred).impersonate(other) to impersonate a client.2. As an acceptor, context.getDelegCred() can still return a constrained delegated credential even if the initiator has not called context.requestCredDeleg(true) to enable traditional delegation.
These are implemented with MS's S4U2self and S4U2proxy extensions to Kerberos 5.
Thanks Max