Hi Dave,

Is there a reason why you are using GSS-API directly instead of via SASL? It should still work, but if you do the latter, you can potentially reuse the existing code (or at least use it as inspiration), see `org.apache.kafka.common.security.authenticator.SaslClientAuthenticator`.

Also, please keep in mind that we are only using SASL for authentication and that to encrypt the communication, you have to use SASL_SSL (i.e. we don't support the SASL confidentiality QOP, for example).

I hope this helps.

Ismael
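The point about SASL_SSL, shown as an added example that is not part of the original message or of Kafka's code: a small audit of Kafka client properties that flags a config where SASL authenticates the connection but nothing encrypts it. The sample configs and the function names `parse_properties` and `audit` are constructed for illustration.

```python
# Added example: audit a Kafka client config for SASL without TLS.
# What each Kafka security.protocol value enables.
PROTOCOLS = {
    "PLAINTEXT":      {"sasl": False, "tls": False},
    "SSL":            {"sasl": False, "tls": True},
    "SASL_PLAINTEXT": {"sasl": True,  "tls": False},
    "SASL_SSL":       {"sasl": True,  "tls": True},
}

# Constructed sample configs (hypothetical values).
AUTH_ONLY = """\
security.protocol=SASL_PLAINTEXT
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=kafka
"""
AUTH_AND_TLS = AUTH_ONLY.replace("SASL_PLAINTEXT", "SASL_SSL")


def parse_properties(text):
    """Parse simple key=value lines of a .properties file (no continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    # Kafka clients default to PLAINTEXT when security.protocol is unset.
    proto = props.get("security.protocol", "PLAINTEXT").upper()
    if proto not in PROTOCOLS:
        return [f"unknown security.protocol {proto!r}"]
    caps, findings = PROTOCOLS[proto], []
    if caps["sasl"] and not caps["tls"]:
        findings.append("SASL authenticates only; traffic is unencrypted, use SASL_SSL")
    if not caps["sasl"] and "sasl.mechanism" in props:
        findings.append("sasl.mechanism is set but security.protocol does not enable SASL")
    return findings


if __name__ == "__main__":
    for name, cfg in (("AUTH_ONLY", AUTH_ONLY), ("AUTH_AND_TLS", AUTH_AND_TLS)):
        print(name, audit(parse_properties(cfg)) or "ok")
```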