iction on AD Domain users who are members of the local Administrators group=
with UAC enabled not having access to the Kerberos TGT Session Key. I have=
SSO implemented in Java using Kerberos for my application, but we have rec=
ently faced the problem in Windows 7 that Administrator users with UAC enab=
led fail to login automatically via SSO because of the Kerberos TGT restric=
d Kerberos on the client side for SSO. Is there a way to obtain a Service T=
icket from Kerberos in this scenario.
I ran into this issue too. I am a local admin with a domain account. I cann=
ot obtain the TGT from LSA. Have a look at this ticket: http://bugs.sun.com=
This is an intentional limitation under Windows. You have to use SSPI on Wi=
ndows otherwise you have no chance.
My workaround was to call Java's kinit. What a pity.