I am having a little trouble understanding what the Java GSS API is
for. I want to enable single sign-on for my
applications. So far, I am able to get a TGT from the KDC (Win2k with
AD). In this context, some tutorials include
sections about JGSS.

The point is, that I am not quite sure which authentication stage is
sufficient for SSO. If I have the TGT, I have
proof that the user executing my application is really the user he
pretends to be which seems to be enough for me!

So what do I do with JGSS, accessing network resources? And what about
the client and a server class?

Many thanks!