allowtgtsessionkey

[richk]

I have a question on the risks of changing allowtgtsessionkey registry 
key in Windows to the value of 1 which is required if we want to use 
java kerberos implementation on Windows.  I know Microsoft changed 
started restricting access to TGT stating with Windows XP SP2 and have 
given an option of turning this restriction off with allowtgtsessionkey 
registry setting but we are not sure how security is compromised by 
stealing a TGT.   After all, I noticed that on my Unix box my TGT is 
cached on a file system and can be accessed by any process that is 
running as me.

Thanks for your responses in advance.

Rich