This article has been archived and is no longer updated by Apple.

If you get an invalid Kerberos ticket with a Login Window profile and FileVault 2

If you turn on FileVault 2 and install an 802.1x Login Window profile, you get an expired Kerberos ticket upon login. Learn how to get a valid ticket.

If you need a Login Window profile and FileVault 2, here are ways you can get a valid Kerberos ticket.

Turn off automatic login

In OS X Mavericks and later, you can turn off automatic login when you use FileVault. You get a Kerberos ticket when you log in via the Login Window.

Use the kinit command

You can use the kinit command to request a new ticket. In Terminal, enter this command and then your password when prompted:

kinit

Use the Ticket Viewer app

Here’s how to use the Ticket Viewer app to request a ticket:

Open Ticket Viewer at /System/Library/CoreServices/Ticket Viewer.
Click the Add Identity button.
Enter your identity and password, such as testuser@example.com.
Click Continue.

Published Date: October 19, 2023

If you get an invalid Kerberos ticket with a Login Window profile and FileVault 2

Turn off automatic login

Use the kinit command

Use the Ticket Viewer app

Explore Apple Support Community