Please review the code changes at http://cr.openjdk.java.net/~weijun/8001326/webrev.00/
Two new system properties are introduced. sun.security.krb5.rcache to control what rcache type should be used. Besides the original one (which does not need this system property to be set), we support dfl and none now. Also, sun.security.krb5.acceptor.subkey can be set to true to let acceptor generate a sub-key, so that even if a replayed authenticator is not detected, a replayed message won't work.
Thanks Max
