diff --git a/CASA-auth-token/client/library/mechanisms/krb5/internal.h b/CASA-auth-token/client/library/mechanisms/krb5/internal.h
index f2f1b8ec..0b9db672 100644
--- a/CASA-auth-token/client/library/mechanisms/krb5/internal.h
+++ b/CASA-auth-token/client/library/mechanisms/krb5/internal.h
@@ -29,6 +29,7 @@
 
 #include "platform.h"
 #include <micasa_types.h>
+#include <micasa_mgmd.h>
 #include <casa_status.h>
 #include "config_if.h"
 #include "mech_if.h"
diff --git a/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c b/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c
index 0bec09c3..4f73c2e0 100644
--- a/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c
+++ b/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c
@@ -33,6 +33,7 @@
 
 //===[ Global variables ]==================================================
 
+#define WINDOWS_LOGIN_ID 1
 
 //++=======================================================================
 CasaStatus SSCS_CALL
@@ -101,6 +102,8 @@ AuthTokenIf_GetAuthToken(
    SECURITY_STATUS   secStatus;
    TimeStamp         expiry;
    CredHandle        hCredentials = {0};
+   LUID              *pluid = NULL;
+   SSCS_EXT_T        *ext = (SSCS_EXT_T *)pCredStoreScope;
 
    DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0);
 
@@ -147,7 +150,16 @@ AuthTokenIf_GetAuthToken(
                // Process the setting
                if (stricmp(pSettingName, "SVC_PRINCIPAL") == 0)
                {
-                  pKrbServiceName = pSettingValue;
+                  pKrbServiceName = strdup(pSettingValue);
+                  if (pKrbServiceName == NULL)
+                  {
+                     DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
+                     retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
+                                                 CASA_FACILITY_KRB5TOKEN,
+                                                 CASA_STATUS_INSUFFICIENT_RESOURCES);
+                     goto exit;
+                  }
+                  freeKrbSvcNameBuf = true;
                }
             }
             else
@@ -191,12 +203,24 @@ AuthTokenIf_GetAuthToken(
          goto exit;
       }
    }
+   if (ext != NULL) {
+      char err[128];
 
+      if ((ext->extID != WINDOWS_LOGIN_ID) || (ext->version != 1)) {
+         DbgTrace(0, "-AuthTokenIf_GetAuthToken- Unknown extension ID\n", 0);
+         retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_KRB5TOKEN, CASA_STATUS_INVALID_PARAMETER);
+         goto exit;
+      }
+
+      pluid = (LUID *)ext->ext;
+      sprintf(err, "-AuthTokenIf_GetAuthToken- Found luid %d.%d\n", pluid->LowPart, pluid->HighPart);
+      DbgTrace(1, err, 0);
+   }
    // Acquire a credential handle for the current user
    secStatus = AcquireCredentialsHandle(NULL,                  // no principal name
                                         "Kerberos",            // package name
                                         SECPKG_CRED_OUTBOUND,
-                                        NULL,                  // no logon id
+                                        pluid,
                                         NULL,                  // no auth data
                                         NULL,                  // no get key fn
                                         NULL,                  // noget key arg