- Type: Bug
- Resolution: Works as Designed
- Priority: Major - P3
- None
- Affects Version/s: 3.12.7
- Component/s: Security
- None
- Environment: Linux/NiFi/Kerberos GSSAPI
- Needed
Both explicit calls via MongoCredential and the URI support overriding the JAVA_SUBJECT_KEY to use a defined section of the jaas-config instead of "com.sun.security.jgss.krb5.initiate".
However, the underlying code appears to use the literal String value instead of getting the Subject() from the running Kerberos jaas config, which then errors out. I'd expect the running jaas-config to be consulted for the named subject and then the appropriate method calls invoked.
Without this fix, I'm forced to run the app with javax.security.auth.useSubjectCredsOnly=false, which defeats some of the isolation that the NiFi product was looking to achieve.
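
An added example, not part of the original report and not the driver's own code: the application resolves a named JAAS entry to a Subject with LoginContext and passes that object as the JAVA_SUBJECT_KEY mechanism property, so javax.security.auth.useSubjectCredsOnly can stay at its default. The entry name MongoClientLogin, the principal and the host are hypothetical, and the example assumes the property takes a javax.security.auth.Subject instance rather than an entry name.

```java
import com.mongodb.MongoClientSettings;
import com.mongodb.MongoCredential;
import com.mongodb.ServerAddress;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import org.bson.Document;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.util.Collections;

public final class NamedJaasSubjectExample {

    // Look up entryName in the active JAAS configuration (for example the file
    // named by java.security.auth.login.config) and run its login modules.
    // Throws LoginException if the entry is missing or the login fails.
    static Subject loginWithJaasEntry(String entryName) throws LoginException {
        LoginContext context = new LoginContext(entryName);
        context.login();
        return context.getSubject();
    }

    // Attach the already-authenticated Subject to the GSSAPI credential.
    // Assumption: the value for JAVA_SUBJECT_KEY is a Subject object, not a String.
    static MongoCredential gssapiCredential(String principal, Subject subject) {
        return MongoCredential.createGSSAPICredential(principal)
                .withMechanismProperty(MongoCredential.JAVA_SUBJECT_KEY, subject);
    }

    public static void main(String[] args) throws LoginException {
        // Hypothetical JAAS entry name, principal and host.
        Subject subject = loginWithJaasEntry("MongoClientLogin");
        MongoCredential credential = gssapiCredential("app@EXAMPLE.COM", subject);

        MongoClientSettings settings = MongoClientSettings.builder()
                .credential(credential)
                .applyToClusterSettings(builder -> builder.hosts(
                        Collections.singletonList(new ServerAddress("mongo.example.com", 27017))))
                .build();

        // The ping forces a connection, so a Kerberos failure surfaces here.
        try (MongoClient client = MongoClients.create(settings)) {
            client.getDatabase("admin").runCommand(new Document("ping", 1));
        }
    }
}
```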