Enhancement
Resolution: Delivered
P4
None
The "Troubleshooting Security" page (https://docs.oracle.com/en/java/javase/21/security/troubleshooting-security.html) has a Note linking to a page on JSSE debugging. We can add a similar link on JGSS and Kerberos to their own troubleshooting page.
We already have such a page at https://docs.oracle.com/en/java/javase/21/security/troubleshooting.html#GUID-2087ADBA-6C36-43D5-8841-C79FCB4F5FBE but it's only focused on the Java Kerberos mechanism. I suggest we add a new troubleshooting page right in the "7 Java Generic Security Services (Java GSS-API)" section. The initial content should at least introduce the debugging options. There are several ways to enable debugging:
- In the Krb5LoginModule JAAS configuration entry, one can add "debug = true" to enable debugging there.
- Setting the system property "sun.security.jgss.debug" to "true" turns on debugging in the JGSS framework.
- Setting the system property "sun.security.krb5.debug" to "true" turns on debugging in the Java Kerberos 5 mechanism.
- Setting the system property "sun.security.spnego.debug" to "true" turns on debugging in the Java SPNEGO mechanism.
- Setting the system property "sun.security.nativegss.debug" to "true" turns on debugging in the native JGSS bridge.
- Setting the environment variable SSPI_BRIDGE_TRACE to "true" turns on debugging in the SSPI bridge on Windows.
The page should warn that debugging info might contain sensitive information.
Update: with JDK-8051959, we can add "decorations" to all the values above to print out thread info or timestamp, i.e.
- The "+timestamp" string can be appended to the property value to print timestamp information (e.g. "true+timestamp").
- The "+thread" string can be appended to the property value to print thread and caller information (e.g. "true+thread").
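The switches listed in the description, combined into one launch wrapper that keeps the debug output in an owner-only log because it may contain sensitive information. This is an added example, not text from the issue or from the JDK documentation; the function names, file paths, the `com.sun.security.jgss.initiate` entry name and the `java.security.auth.login.config` property are assumptions that do not appear in the description.

```shell
#!/bin/sh
# Added example. Debug property and option names are from the text above;
# function names and file paths are hypothetical.

# Print one -D flag per debug property. $1 is an optional decoration
# such as "+timestamp" or "+thread".
jgss_debug_flags() {
    flags=
    for prop in jgss krb5 spnego nativegss; do
        flags="${flags:+$flags }-Dsun.security.$prop.debug=true${1:-}"
    done
    printf '%s\n' "$flags"
}

# Write a JAAS entry with Krb5LoginModule debugging on, owner-only.
# Assumption: the entry name is the default JGSS initiator entry.
write_jaas_conf() {
    ( umask 077
      cat > "$1" <<'EOF'
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required debug=true;
};
EOF
    )
    chmod 600 "$1"
}

# Run java with every switch on. The debug output may contain sensitive
# information, so it goes to a log that only the owner can read.
# Usage: run_with_debug CONF LOG DECORATION java-args...
run_with_debug() {
    conf=$1 log=$2 deco=$3
    shift 3
    write_jaas_conf "$conf"
    ( umask 077; : >> "$log" )
    chmod 600 "$log"
    # SSPI_BRIDGE_TRACE only matters for the SSPI bridge on Windows.
    # The flags are left unquoted on purpose so they split into words.
    SSPI_BRIDGE_TRACE=true java \
        -Djava.security.auth.login.config="$conf" \
        $(jgss_debug_flags "$deco") "$@" >> "$log" 2>&1
}
```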