Please take a review at http://cr.openjdk.java.net/~weijun/8186884/webrev.00/
BasicProc.java is enhanced to use a native JGSS provider, and KDC.java is enhanced to start (not use) a native KDC. For example, you would be able to test interop among Java JGSS, native JGSS (with MIT krb5) and Heimdal KDC with jtreg -Dnative.krb5.lib=/usr/local/krb5/lib/libgssapi_krb5.so \ -Dnative.kdc.path=/usr/local/heimdal \ test/sun/security/krb5/auto/BasicProc.java Without those 2 new system properties, it behaves like before, i.e. Java GSS on the embedded KDC. Another change in Context.java. Instead of using shared states to provide username and password when doing a krb5 login, a callback handler is used. This is considered more common. An extra permission is needed to read the default username (though I think this can coded as optional). Thanks Max