After migrating to Java 7, our Java client application was unable to authenticate via Kerberos on Windows. If you have the same problem, the following configuration may help you solve it. There is a key allowtgtsessionkey in Windows registry that allows client application to decrypt session key of Kerberos Ticket Granting Ticket (TGT).