diff --git a/src/main/java/com/xiaomi/infra/pegasus/client/ClientOptions.java b/src/main/java/com/xiaomi/infra/pegasus/client/ClientOptions.java
index 1d597505..bb25a065 100644
--- a/src/main/java/com/xiaomi/infra/pegasus/client/ClientOptions.java
+++ b/src/main/java/com/xiaomi/infra/pegasus/client/ClientOptions.java
@@ -401,11 +401,23 @@ public Builder serviceFQDN(String serviceFQDN) {
       return this;
     }
 
+    /**
+     * kerberos keytab. Defaults to {@literal ""}, see {@link #DEFAULT_KEYTAB}.
+     *
+     * @param keyTab
+     * @return {@code this}
+     */
     public Builder keyTab(String keyTab) {
       this.keyTab = keyTab;
       return this;
     }
 
+    /**
+     * kerberos principal. Defaults to {@literal ""}, see {@link #DEFAULT_PRINCIPAL}.
+     *
+     * @param principal
+     * @return {@code this}
+     */
     public Builder principal(String principal) {
       this.principal = principal;
       return this;
@@ -551,10 +563,20 @@ public String getServiceFQDN() {
     return serviceFQDN;
   }
 
+  /**
+   * kerberos principal. Defaults to {@literal ""}.
+   *
+   * @return kerberos principal.
+   */
   public String getPrincipal() {
     return principal;
   }
 
+  /**
+   * kerberos keytab. Defaults to {@literal ""}.
+   *
+   * @return kerberos keytab.
+   */
   public String getKeyTab() {
     return keyTab;
   }
diff --git a/src/main/java/com/xiaomi/infra/pegasus/rpc/interceptor/SecurityReplicaSessionInterceptor.java b/src/main/java/com/xiaomi/infra/pegasus/rpc/interceptor/SecurityReplicaSessionInterceptor.java
index 2676d8d2..c18694b2 100644
--- a/src/main/java/com/xiaomi/infra/pegasus/rpc/interceptor/SecurityReplicaSessionInterceptor.java
+++ b/src/main/java/com/xiaomi/infra/pegasus/rpc/interceptor/SecurityReplicaSessionInterceptor.java
@@ -38,12 +38,12 @@ public class SecurityReplicaSessionInterceptor implements ReplicaSessionIntercep
   private String serviceName;
   private String serviceFqdn;
 
-  // JAAS internal class, Ref:
+  // Subject is a JAAS internal class, Ref:
   // https://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
   //
   // To authorize access to resources, applications first need to authenticate the source of the
-  // request. The JAAS framework defines the term subject to represent the source of a request. A
-  // subject may be any entity, such as a person or a service
+  // request. The JAAS framework defines the term "subject" to represent the source of a request. A
+  // subject may be any entity, such as a person or a service.
   private Subject subject;
   // The LoginContext class provides the basic methods used to authenticate subjects, and provides a
   // way to develop an application independent of the underlying authentication technology