Description
Currently, for Kerberos logins, KnoxSession requires some kind of JAAS config. It should also honor the current Subject, supporting doAs() invocations from already-authenticated subjects.
I'm proposing that the current Subject be used if it exists, and fall back to a JAAS configuration otherwise.