>> >> So I guess it's because Java has no subkey set. Try >> "-Dsun.security.krb5.acceptor.subkey=true" to see if it's bigger. > > Yes, it is bigger and inline with the other Kerberos implemenatations. > Is there any reason not to turn it on by default since the others do it too?
No real reason but I seldom want to change the existing behavior. Except for being smaller, is there any other problem? Thanks, Max
