In MS Windows, the registry key "allowtgtsessionkey" has to be set to
"1" to allow Kerberos java client code to function correctly. This is
the information in MS KB Article ID 308339:

"To provide better security, Microsoft has restricted an interface to
retrieve ticket-granting-ticket/session key pairs from the Kerberos
security package. Because some third-party programs may require this
functionality to operate properly, the following information has been
provided so you can re-enable this interface. "

I would appreciate an explanation what the security exposure might be
when enabling this key. Shouldn't attacks on the session key be
restricted by Kerberos pre-authentication?
Ulrich Boche
SVA GmbH, Germany
IBM Premier Business Partner