Review the considerations when troubleshooting Kerberos security issues.
The Java reference implementation supports only the DES encryption type. You must configure your Active Directory and KDC principals to use DES encryption.
The value of the SERVICE_PRINCIPAL_NAME property must be set to the same name you specify with the -s option when you start your data server.
Check the krb5.conf and krb5.ini files. For CyberSafe clients, check the krb.conf and krb.realms files or DNS SRV records.
You can set the debug property to true in the JAAS login configuration file.
You can set the debug property to true at the command line:
-Dsun.security.krb5.debug=true