Summary
-------
Provide a default native GSS-API library on Windows so user does not need to install a 3rd party library. This library will be client-side only and supports the Kerberos 5 and SPNEGO mechanisms.
Problem
-------
In JDK 11 we've [ported](https://bugs.openjdk.java.net/browse/JDK-8200468) the native GSS bridge to Windows which allows JDK to use an existing native GSS-API library. However, unlike other OSes where either there is an out-of-box native GSS-API library or it can be easily installed from the system package manager, there is no default native GSS-API library on Windows and user has to install a 3rd party one.
There are other benefits we can get from using our own native GSS-API library. See solution below.
Solution
--------
Create a native GSS-API library for Windows and include it in JDK as the default native GSS-API library. The library will expose its functions through the RFC 2743 GSS-API C bindings, and its implementation will be based on Windows SSPI APIs.
This native library is superior to the existing Java GSS-API library in that it can directly read user credentials cached during Windows logon. The Java GSS-API library used to be able to read the cache when [a registry value is set](https://support.microsoft.com/en-us/help/308339/registry-key-to-allow-session-keys-to-be-sent-in-kerberos-ticket-grant) but it's now disabled by the Windows 10 Credential Guard. If the Java GSS-API library cannot read the cache, it will have to login itself by asking for username and passwords from the user. This prevents Kerberos from being used as a Single Sign-on mechanism.
Specification
-------------
This library will be automatically loaded by the native GSS bridge if the system property "sun.security.jgss.native" is set to "true". If user wants to use a 3rd-party native GSS-API library they can set the system property "sun.security.jgss.lib" to its path.
This change will be described on the [Accessing Native GSS-API](https://docs.oracle.com/en/java/javase/11/security/accessing-native-gss-api.html) page.