...
If you enable the Krb5LoginModule and authenticate the userid and password against a Kerberos KDC, then Java must be told the name of the Kerberos Realm and the network name of the KDC. Again, this can be done with system properties (java.security.krb5.realm and java.security.krb5.kdc) or by copying a Unix krb5.conf file into the {jre-home}/lib/security directory. Note that SPNEGO also uses Kerberos and sets the same system properties. So if you are planning to use both JAAS and SPNEGO with Kerberos, read about SPNEGO configuration when planning JAAS.
NOTE
If using jre 1.6, you will need to use "com.sun.security.auth.module.Krb5LoginModule sufficient" for Kerberos V5 to work correctly.