diff --git a/lib/gssapi/copy_ccache.c b/lib/gssapi/copy_ccache.c
index b8938acb3..80db21460 100644
--- a/lib/gssapi/copy_ccache.c
+++ b/lib/gssapi/copy_ccache.c
@@ -60,3 +60,41 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status,
 *minor_status = 0;
 return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gss_krb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int ad_type,
+ gss_buffer_t ad_data)
+{
+ krb5_error_code ret;
+ krb5_data data;
+
+ ad_data->value = NULL;
+ ad_data->length = 0;
+
+ HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+ ret = krb5_ticket_get_authorization_data_type(gssapi_krb5_context,
+ context_handle->ticket,
+ ad_type,
+ &data);
+ HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ad_data->value = malloc(data.length);
+ if (ad_data->value == NULL) {
+ krb5_data_free(&data);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ ad_data->length = data.length;
+ memcpy(ad_data->value, data.data, ad_data->length);
+ krb5_data_free(&data);
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/lib/gssapi/gssapi.h b/lib/gssapi/gssapi.h
index 462b6f3f6..2a3bcdabf 100644
--- a/lib/gssapi/gssapi.h
+++ b/lib/gssapi/gssapi.h
@@ -760,6 +760,13 @@ OM_uint32 gss_krb5_copy_ccache
 gss_cred_id_t /*cred*/,
 struct krb5_ccache_data */*out*/);
+OM_uint32
+gss_krb5_extract_authz_data_from_sec_context
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*ad_type*/,
+ gss_buffer_t /*ad_data*/);
+
 #define GSS_C_KRB5_COMPAT_DES3_MIC 1
 OM_uint32
diff --git a/lib/gssapi/krb5/copy_ccache.c b/lib/gssapi/krb5/copy_ccache.c
index b8938acb3..80db21460 100644
--- a/lib/gssapi/krb5/copy_ccache.c
+++ b/lib/gssapi/krb5/copy_ccache.c
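Review bot: `context_handle` and `context_handle->ticket` are both used unchecked in the added `gss_krb5_extract_authz_data_from_sec_context`: the handle is dereferenced for the mutex, and the ticket goes straight into `krb5_ticket_get_authorization_data_type`. If the ticket is only populated on the acceptor side (not visible in this hunk), a call on an initiator or half-established context would dereference NULL inside the library instead of returning an error. I would reject `GSS_C_NO_CONTEXT` before taking the lock and a NULL ticket under the lock, as in the fence below. Separately, a zero-length element makes the result of `malloc(data.length)` implementation-defined, so a NULL return there would be misreported as ENOMEM. The identical hunk in lib/gssapi/krb5/copy_ccache.c needs the same change.

```c
    ad_data->length = 0;

    if (context_handle == GSS_C_NO_CONTEXT) {
        *minor_status = EINVAL;
        return GSS_S_NO_CONTEXT;
    }

    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
    if (context_handle->ticket == NULL) {
        HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }
    /* ... unchanged: krb5_ticket_get_authorization_data_type call, unlock, copy into ad_data ... */
```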
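Review bot: The new prototype in gssapi.h carries no comment on who owns `ad_data->value`, although the implementation in copy_ccache.c allocates it with `malloc`. I would add above the declaration: `/* On GSS_S_COMPLETE ad_data->value is heap-allocated; the caller releases it with gss_release_buffer(). */`. It is also worth stating there that the bytes are copied from the ticket as-is; no verification of the element is visible in this commit, so callers should validate it before relying on it for an authorization decision. The same applies to the identical declaration in lib/gssapi/krb5/gssapi.h.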
@@ -60,3 +60,41 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status,
 *minor_status = 0;
 return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gss_krb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int ad_type,
+ gss_buffer_t ad_data)
+{
+ krb5_error_code ret;
+ krb5_data data;
+
+ ad_data->value = NULL;
+ ad_data->length = 0;
+
+ HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+ ret = krb5_ticket_get_authorization_data_type(gssapi_krb5_context,
+ context_handle->ticket,
+ ad_type,
+ &data);
+ HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ad_data->value = malloc(data.length);
+ if (ad_data->value == NULL) {
+ krb5_data_free(&data);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ ad_data->length = data.length;
+ memcpy(ad_data->value, data.data, ad_data->length);
+ krb5_data_free(&data);
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/lib/gssapi/krb5/gssapi.h b/lib/gssapi/krb5/gssapi.h
index 462b6f3f6..2a3bcdabf 100644
--- a/lib/gssapi/krb5/gssapi.h
+++ b/lib/gssapi/krb5/gssapi.h
@@ -760,6 +760,13 @@ OM_uint32 gss_krb5_copy_ccache
 gss_cred_id_t /*cred*/,
 struct krb5_ccache_data */*out*/);
+OM_uint32
+gss_krb5_extract_authz_data_from_sec_context
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*ad_type*/,
+ gss_buffer_t /*ad_data*/);
+
 #define GSS_C_KRB5_COMPAT_DES3_MIC 1
 OM_uint32