With the implementation of RFE 4688866, we store the Kerberos session ticket in the Subject's private credential set. There are a couple of problems with the implemenatation.
1. We should be checking whethe the subject is readOnly before attempting to store the subject
2. Also consider whether a method on the GSSContext (may be in com.sun.*) is better than the current approach.
3. Ensure that the session tickets are deleted at the end of GSS Context dispose.