See “Client-Library and security services” for an overview of how client applications use security services. These considerations apply to client applications that use Kerberos security services:
The application must use a preexisting user credential to connect to the server. In other words, the user of the application must log in to Kerberos before running the client application. On UNIX, use the Kerberos kinit utility to log in to Kerberos.
If a user name is supplied, it must match the user’s preexisting credential. If a user name is not supplied, Client-Library connects to the server using the user name associated with the user’s Kerberos credential.