Kerberos Client Server Authentication Clarification


My understanding:

As a client, if I want to connect to some server which is SASL-enabled, first I (the client) need to log in with its principal (JAAS conf) to the KDC server. If my principal is present in the KDC database, I will get the TGT. Now, with this TGT, the client will request a service ticket from the TGS, and if the TGS is able to decrypt the TGT, it will grant the service ticket to the client. The client will now hit the server with the service ticket, and if the server is able to decrypt this service ticket with its keytab, authentication will be successful.

Scenario:

Suppose I (the client) am holding a TGT in cache, and the server rebooted, resulting in the creation of a new keytab but with the same service principal. Do I (the client) need to do kinit again, or will the existing TGT work fine?

user1082361

Posted 2019-08-29T14:35:01.387

Reputation: 1

No answers