Using default credentials is the simplest option always

[nicowilliams]

The README discusses using client keytabs. This is not important, and it's mostly useless.

Just use GSS_C_NO_CREDENTIAL as the credential handle on the initiator and acceptor sides.

[nicowilliams]

There is also no need to refer to any KRB5* env vars, except as a helping hand for users who are unfamiliar with MIT Kerberos or Heimdal. Certainly there is no need to refer to these in code.

[nicowilliams]

If you must have programmatic support for the specification of alternative, non-default credentials and credentials stores, then I recommend that you use gss_acquire_cred_from(), which lets you specify a set of key/value pairs including ones for specifying ccache and keytab names.