Valid Kerberos ticket not issued if using an 802.1x Login Window profile when FileVault 2 is enabled

If you install an 802.1x Login Window profile and also have FileVault 2 enabled, a valid Kerberos ticket will not be issued upon login. Instead, you will receive a ticket with an expiration date that is in the past.

If both a Login Window profile and FileVault 2 are required, you may use one of these methods to obtain a Kerberos ticket.

Disable automatic login

In OS X Mavericks and later, you can disable automatic login when using FileVault. This will cause you to obtain a Kerberos ticket when you log in via the Login Window.

Use the kinit method

The kinit command may be used to manually request a new ticket. In Terminal, execute the following command and enter your password when prompted:
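
As an added example (not part of the original article), the script below requests a new ticket with kinit only when the cached ticket is missing or expired, then re-tests the cache. It assumes the Heimdal `klist` and `kinit` tools shipped with OS X, where `klist -t` exits non-zero if there is no valid TGT; `ensure_tgt` is a hypothetical function name.

```shell
#!/bin/sh
# Added example: request a new TGT only when the cached one is missing or expired.
# Assumption: Heimdal tools as shipped with OS X, where "klist -t" exits
# non-zero when the credential cache holds no valid TGT.

# ensure_tgt [principal]   (hypothetical helper name)
# Returns 0 if a valid TGT exists afterwards,
#         1 if kinit failed,
#         2 if kinit succeeded but the cache still tests as invalid.
ensure_tgt() {
    principal="${1:-}"

    if klist -t >/dev/null 2>&1; then
        echo "Valid Kerberos ticket already present; nothing to do."
        return 0
    fi

    echo "No valid ticket (missing or expired); requesting a new one."
    # kinit prompts for the password on the terminal; it is never passed
    # as an argument, so it does not appear in the process list or history.
    if [ -n "$principal" ]; then
        kinit "$principal" || return 1
    else
        kinit || return 1
    fi

    # Re-test so that a ticket issued already expired is noticed.
    klist -t >/dev/null 2>&1 || return 2
    return 0
}

# Run only when asked, e.g.: sh ensure_tgt.sh --run testuser@EXAMPLE.COM
if [ "${1:-}" = "--run" ]; then
    ensure_tgt "${2:-}"
fi
```

A return value of 2 means kinit reported success but the cache still does not hold a valid ticket.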


Use the Ticket Viewer method

You may also request a ticket using the Ticket Viewer application.

  1. Open Ticket Viewer, which is located at /System/Library/CoreServices/Ticket Viewer.
  2. Click the Add Identity button.
  3. Enter your identity, such as testuser@EXAMPLE.COM, and your password.
  4. Click Continue.