December 2009 Archives

Tue Dec 1 20:42:24 EST 2009

GSSAPI and Java



If you get stuck having to use a Java app in your wonderful Unix Kerberos environment, you may have some problems initially. You might notice that even though you have asked it to use your ticket cache like so,
 com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=TRUE 
it still refuses to find a principal.

This is because it will choke on encryption that isn't des3. On my personal laptop, which runs Heimdal, I needed to add this to the [libdefaults] section of krb5.conf to restrict the encryption type:
default_etypes=des3-cbc-sha1


At this point it will find your principal and TGT correctly, and set up an encrypted connection.
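
To see what Java actually picks up from the ticket cache, this added example (not code from the original post) performs the same Krb5LoginModule login programmatically and prints the principal and session key type of each ticket it finds. The class name, the context name and the doNotPrompt option are assumptions of the example.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical helper class: logs in from the existing ticket cache only.
public class TicketCacheCheck {
    public static void main(String[] args) {
        // Same login module as the JAAS line above, built in code so that no
        // separate login configuration file is needed.
        final Map<String, String> opts = new HashMap<String, String>();
        opts.put("useTicketCache", "true");
        // Assumption of this example: fail instead of prompting for a password
        // when the cache holds no usable TGT.
        opts.put("doNotPrompt", "true");

        Configuration conf = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED, opts)
                };
            }
        };

        try {
            // "ticket-cache-check" is an arbitrary context name.
            LoginContext lc = new LoginContext("ticket-cache-check", null, null, conf);
            lc.login();
            Subject subject = lc.getSubject();
            for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
                System.out.println("client:  " + t.getClient());
                System.out.println("server:  " + t.getServer());
                // Kerberos etype number of the session key; 16 is des3-cbc-sha1.
                System.out.println("keytype: " + t.getSessionKeyType());
                System.out.println("expires: " + t.getEndTime());
            }
        } catch (LoginException e) {
            System.err.println("No usable TGT in the ticket cache: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run it after kinit, once with and once without the default_etypes line, to compare what the login module reports.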

Posted by A Crazed Howler Monkey