An application can create a new credential handle to pass to the gss_init_sec_context( ) routine or the gss_accept_sec_context( ) routine. An application might create a credential handle rather than use the default credential for the following reasons:
- Limit the identities the application can use
- Provide an additional identity for the application
More:
Initiating a Security Context with New Credential Handles
Accepting a Security Context Using New Credential Handles