isssue description:

Current environment
Apache CVF Web Services
Kerberos Authentication using Jboss 7.4 legacy 

Target
Apache CVF Web Services
Kerberos Authentication using Jboss 8 with Elytron

Customer needs to migrate to Jboss EAP 8 using Kerberos Elytron Authentication .

Customer has a security domains configured as follows within the security subsystem (when used with JBoss EAP 7.4)

 <security-domain name="com.sun.security.example.com" cache-type="default">
                    <authentication>
                        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                            <module-option name="debug" value="false"/>
                            <module-option name="doNotPrompt" value="true"/>
                            <module-option name="renewTGT" value="true"/>
                            <module-option name="useTicketCache" value="true"/>
                            <module-option name="realm" value="REALM"/>
                            <module-option name="principal" value="HTTP/principal@REALM"/>
                            <module-option name="useKeyTab" value="true"/>
                            <module-option name="storeKey" value="true"/>
                            <module-option name="keyTab" value="user.keytab"/>
                        </login-module>
                    </authentication>
</security-domain>
 

How should the sceurity-domain be configured Jboss EAP8 Elytron and Kerberos ?