The krb5_auth_con_setuseruserkey() routine is only useful
prior to calling the krb5_rd_req() routine for user-to-user
authentication where the server has the key and needs to use it to decrypt the
incoming request. Once the request has been decrypted, this key is no longer
necessary and is replaced in the authentication context with the session key
obtained from the decoded request.
The Kerberos protocol runtime provides no concurrency control for the
authentication context. If the application wants to use the same authentication
context in multiple threads, it is the responsibility of the application to
serialize access to the authentication context so that only a single thread is
accessing the authentication context at any time.