JEP Draft: Client-side GSS-API Library for Windows SSPI

Weijun Wang at
Tue Apr 17 16:30:50 UTC 2018

Hi All

Please take a look at

With the Windows 10 Credential Guard feature turned on, Java can no longer uses the TGT in MSLSA, even if the allowtgtsessionkey registry value is set to 1. This JEP intends to provide a solution by letting Java directly make SSPI calls inside Windows.

The JEP only covers client side using the default credential, but it might do more in future releases.


More information about the security-dev mailing list