Note to myself, and maybe useful for others too. Since I request my kerberos tickets with **proxyiable flag**, all my JAAS / GSS (Kerberos) stuff is now working (almost) perfectly. I need to do extrat test in a web context, but it should be ok I think. Moreover, I need to understand good the interface used in doAs (a JAAS method). I hope have enough time to write few documentations about this all stuff. Notes : * JRE's kinit doesn't full directives of /etc/krb5.conf (example: proxiable = true) * Obtain a ticket (JRE): kinit -f -p * Obtain a ticket (MIT): kinit with the following config : [libdefaults] default_realm = FIMASYS.FR forwardable = true proxiable = true default_tkt_enctypes = des-cbc-md5 default_tgs_enctypes = des-cbc-md5 [realms] FIMASYS.FR = { kdc = srvfms-5.fimasys.fr admin_server = srvfms-5.fimasys.fr } **Beware to enctypes, MIT default enctypes are not supported by the JVM**