Java supports application server to use Kerberos to authenticate clients in two APIs: GSSAPI and SASL. There're applications that need to access ticket info like authorization data and session key to further authorize clients after authentication. JGSS has already support for the query as providing ExtendedGSSContext which can inquiry SESSION_KEY, TKT_FLAGS, AUTHTIME and AUTHZ_DATA. SASL wraps GSSAPI mechanism but hasn't yet support the query.

The bug is reported by Zheng Kai <kai dot zheng at intel dot com>.