If you use ThinLinc on a Kerberos capable system then the user will get a TGT as part of the session creation (assuming a password was available for SSO). However this TGT will eventually expire and become useless. At this point many things might break for the user.
The responsibility of refreshing this ticket lies at least partially with ThinLinc as with a local login unlocking the screensaver would yield a fresh TGT for the user. Since the screen saver is generally not used with ThinLinc, instead replaced with a idle timer and reconnect, the normal mechanism doesn't work.