Valid Kerberos ticket not issued if using an 802.1x Login Window profile when FileVault 2 is enabled

Products Affected

Lion Server, OS X Server (Mountain Lion)

Symptoms

If you install an 802.1x Login Window profile and also have FileVault 2 enabled, a valid Kerberos ticket will not be issued upon login. Instead, you will receive a ticket with an expiration date that is in the past.

Resolution

If both a Login Window profile and FileVault 2 are required, you may manually request a new Kerberos ticket after login with one of these methods.

The kinit method

The kinit command may be used to manually request a new ticket. In Terminal, execute the following command and enter your password when prompted:

kinit


 The Ticket Viewer method

You may also request a ticket using the Ticket Viewer application.

  1. Open Ticket Viewer, which is located at /System/Library/CoreServices/Ticket Viewer.
  2. Click the Add Identity button.
  3. Enter your identity and password, such as testuser@EXAMPLE.COM.
  4. Click Continue.
Not helpful Somewhat helpful Helpful Very helpful Solved my problem
Ask other users about this article
in Apple Support Communities
See all questions on this article See all questions I have asked