Valid Kerberos ticket not issued if using an 802.1x Login Window profile when FileVault 2 is enabled
Lion Server, OS X Server (Mountain Lion)
If you install an 802.1x Login Window profile and also have FileVault 2 enabled, a valid Kerberos ticket will not be issued upon login. Instead, you will receive a ticket with an expiration date that is in the past.
If both a Login Window profile and FileVault 2 are required, you may manually request a new Kerberos ticket after login with one of these methods.
The kinit method
The kinit command may be used to manually request a new ticket. In Terminal, execute the following command and enter your password when prompted:
The Ticket Viewer method
You may also request a ticket using the Ticket Viewer application.
- Open Ticket Viewer, which is located at /System/Library/CoreServices/Ticket Viewer.
- Click the Add Identity button.
- Enter your identity and password, such as testuser@EXAMPLE.COM.
- Click Continue.