The default values for krb5.conf are now hardcoded inside source code. A user needs to modify the krb5.conf file itself to apply a different setting. Sometimes this file is shared by other krb5 vendors and it's not safe to modify it directly. Sometimes an enterprise might want to deploy a JDK with some different defaults. It will be nice if the defaults are defined as security properties. A user can thus modify it and JDK also has a central place to document the defaults.