Posted on 08-05-2016 07:26 AM
When a system is booted and an AD user logs in, a Kerberos ticket is automatically created and any Kerberos-enabled apps sign in automatically. However, if the screen is locked or the lid is closed, the existing tickets on the machine will expire after 10 hours. If the lid is opened or the screen is unlocked after this time, the system does not create a new Kerberos ticket like it would during a clean boot.
Is there a way to change this so that a screen unlock creates a Kerberos ticket?
Posted on 08-05-2016 11:11 AM
Have you checked out Apple's Enterprise Connect tool? You can get more info from your Apple rep. Here's a link to a thread about this here, including the project's lead engineer from Apple: https://jamfnation.jamfsoftware.com/discussion.html?id=17757
Posted on 08-08-2016 08:29 AM
Refer to Enabling Kerberos authentication with a third-party Key Distribution Center. The article is for Lion and has been archived by Apple, but it still seems to work.