/**
     * {@inheritDoc}
     *
     * @see java.lang.Object#toString()
     */
    @Override
    public String toString() {
        return "Kerb5Authenticator[subject=" + (this.getSubject() != null ? this.getSubject().getPrincipals() : null) + ",user=" + this.user
                + ",realm=" + this.realm + "]";
    }

            assertSame(copySubj, copy.getSubject(), "Clone should retain its cached Subject");
        } else {
            // If JAAS is not configured and getSubject() returns null, verify cloning still works
            assertNull(first, "First call to getSubject() returned null - JAAS not configured");

            // Clone should also return null for getSubject() calls
            Subject copySubj = copy.getSubject();

            when(mock.getSubject()).thenReturn(subject);
            doNothing().when(mock).login();
        })) {
            KerberosCredentials credentials = new KerberosCredentials(LOGIN_CONTEXT_NAME);
            assertNotNull(credentials.getSubject());
            assertEquals(subject, credentials.getSubject());
        }
    }

    /**
     * Test constructor when login fails.

    }

    @Nested
    @DisplayName("getSubject edge cases")
    class SubjectTests {
        @Test
        @DisplayName("returns provided subject")
        void subject_non_null() {
            Subject s = new Subject();
            TestCredentials creds = new TestCredentials("X", false, false, s, false);
            assertSame(s, creds.getSubject());
        }

        @Test

        }
    }

    @Test
    @DisplayName("Protected setSubject: updates subject used by getters")
    void setSubject_updatesSubject() {
        Kerb5Authenticator auth = new Kerb5Authenticator((Subject) null);
        assertNull(auth.getSubject());
        Subject subject = new Subject();
        auth.setSubject(subject);
        assertSame(subject, auth.getSubject());
    }

        this.cachedSubject = null;
    }

    @Override
    public synchronized Subject getSubject() {
        if (this.cachedSubject != null) {
            return this.cachedSubject;
        }

        try {
            log.debug("Logging on");
            LoginContext lc;

            Subject ps = super.getSubject();

            if (this.configuration != null) {

     */
    public KerberosCredentials(String loginContextName) throws LoginException {
        LoginContext lc = new LoginContext(loginContextName);
        lc.login();
        this.subject = lc.getSubject();
    }

    /**
     * Retrieves all Kerberos keys from the authenticated subject.
     *
     * @return array of KerberosKey objects
     */
    public KerberosKey[] getKeys() {

    /**
     * Get the security subject associated with these credentials.
     * @return subject associated with the credentials
     */
    Subject getSubject();

    /**
     * Refresh the credentials.
     * @throws CIFSException if refresh fails
     */
    void refresh() throws CIFSException;

                throws SmbException {
            // Not used within these tests
            throw new SmbException("not used in tests");
        }

        @Override
        public Subject getSubject() {
            return null; // not relevant for renew() behavior
        }

        @Override
        public void refresh() throws CIFSException {
            // no-op for tests
        }

        @Override

            log.debug("Initial session preauth hash " + Hexdump.toHexString(this.preauthIntegrityHash));
        }

        while (true) {
            Subject s = this.credentials.getSubject();
            if (ctx == null) {
                ctx = createContext(trans, tdomain, negoResp, !anonymous, s);
            }
            token = createToken(ctx, token, s);

            if (token != null) {