Allow ApOption flags to be set for an ApRequest. This closes #32.
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
index 44f5b47..563a5b3 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
@@ -37,6 +37,7 @@
 import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
 
 import java.net.InetAddress;
+import java.util.EnumSet;
 
 /**
  * A wrapper for ApReq request
@@ -47,10 +48,16 @@
     private PrincipalName clientPrincipal;
     private SgtTicket sgtTicket;
     private ApReq apReq;
+    private EnumSet<ApOption> flags;
 
     public ApRequest(PrincipalName clientPrincipal, SgtTicket sgtTicket) {
+        this(clientPrincipal, sgtTicket, EnumSet.of(ApOption.USE_SESSION_KEY));
+    }
+
+    public ApRequest(PrincipalName clientPrincipal, SgtTicket sgtTicket, EnumSet<ApOption> flags) {
         this.clientPrincipal = clientPrincipal;
         this.sgtTicket = sgtTicket;
+        this.flags = flags;
     }
 
     public ApReq getApReq() throws KrbException {
@@ -75,7 +82,9 @@
         apReq.setAuthenticator(authenticator);
         apReq.setTicket(sgtTicket.getTicket());
         ApOptions apOptions = new ApOptions();
-        apOptions.setFlag(ApOption.USE_SESSION_KEY);
+        for (ApOption flag : flags) {
+            apOptions.setFlag(flag);
+        }
         apReq.setApOptions(apOptions);
 
         return apReq;
@@ -94,7 +103,9 @@
         millis -= millis % 1000;
         authenticator.setCtime(new KerberosTime(millis));
         authenticator.setCusec(usec);
-        authenticator.setSubKey(sgtTicket.getSessionKey());
+        if (flags.contains(ApOption.USE_SESSION_KEY)) {
+            authenticator.setSubKey(sgtTicket.getSessionKey());
+        }
 
         return authenticator;
     }