Valid Kerberos ticket not issued if using an 802.1x Login Window profile when FileVault 2 is enabled
If you install an 802.1x Login Window profile and also have FileVault 2 enabled, a valid Kerberos ticket will not be issued upon login. Instead, you will receive a ticket with an expiration date that is in the past.
If both a Login Window profile and FileVault 2 are required, you may use one of these methods to obtain a Kerberos ticket.
Disable automatic login
In OS X Mavericks and later, you can disable automatic login when using FileVault. This will cause you to obtain a Kerberos ticket when you log in via the Login Window.
Use the kinit method
The kinit command may be used to manually request a new ticket. In Terminal, execute the following command and enter your password when prompted:
Use Ticket Viewer method
You may also request a ticket using the Ticket Viewer application.
- Open Ticket Viewer, which is located at /System/Library/CoreServices/Ticket Viewer.
- Click the Add Identity button.
- Enter your identity and password, such as testuser@EXAMPLE.COM.
- Click Continue.