The Java Authentication and Authorization Service (JAAS) is one of several Java plug-in modules for security. It allows applications to use security services without having to hard-code values in the source code of a program. One of the plug-in modules is for Kerberos. A subject is a set of credentials representing a single entity. For a given subject, a principal represents the specifics of the type of subject, such as KRB_NT_PRINCIPAL, and describes the formatting and representation of the credentials. A subject, when passed to the login module, goes through the following states:
There are multiple checks during Kerberos initialization. The Subject is usually the complete FQDN (Fully Qualified Domain Name) of the user ID and the Kerberos ticket-granting ticket (TGT) attached to it. The Principal is the FQDN of the user ID in user principal name format: domainuser@REAL.COM
JAAS uses different modules and parameters for pluggable security. The Kerberos module is called Krb5LoginModule and is configured with the control flag required (other flags, such as optional, also exist). JAAS is used here solely for authentication purposes.
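
The following is an added example, not code from the original page: it configures Krb5LoginModule with the required flag, logs in, and prints the Subject's Kerberos principal and ticket. The entry name Krb5Example, the class name Krb5JaasLogin and the chosen module options are assumptions, and the realm and KDC are assumed to come from the host's krb5.conf.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.kerberos.*;
import javax.security.auth.login.*;

public class Krb5JaasLogin {
    // In-memory equivalent of a JAAS configuration file entry (entry name is hypothetical):
    //   Krb5Example { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false; };
    static Configuration krb5Config() {
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", "false"); // always authenticate to the KDC, ignore cached tickets
        opts.put("storeKey", "false");       // do not keep the long-term key in the Subject
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    public static void main(String[] args) throws Exception {
        String user = args[0]; // principal in user@REALM form; password is never taken from argv
        char[] password = System.console().readPassword("Password for %s: ", user);
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("Krb5Example", null, handler, krb5Config());
        try {
            lc.login(); // throws LoginException if the KDC rejects the credentials
        } finally {
            Arrays.fill(password, '\0'); // wipe our copy of the password
        }
        Subject subject = lc.getSubject();
        for (KerberosPrincipal p : subject.getPrincipals(KerberosPrincipal.class))
            System.out.println(p.getName() + " KRB_NT_PRINCIPAL="
                + (p.getNameType() == KerberosPrincipal.KRB_NT_PRINCIPAL));
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class))
            System.out.println("ticket for " + t.getServer() + " expires " + t.getEndTime());
        lc.logout(); // removes the principal and destroys the tickets held by the Subject
    }
}
```

Because the flag is required, a failed Kerberos login makes the whole LoginContext fail; the TGT appears among the Subject's private credentials with a server name of the form krbtgt/REALM@REALM.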