When a system is booted and an AD user logs in a Kerberos ticket is automatically created and any Kerberos enabled apps sign in automatically. However, if the screen is locked or lid is closed, the existing tickets on the machine will expire after 10 hours. If the lid is opened or screen is unlocked after this time the system does not create a new Kerberos ticket like it would during a clean boot.
Is there a way to change this so that a screen unlock creates a Kerberos ticket?
Have you checked out Apple's Enterprise Connect tool? You can get more info from your Apple rep. Here's a link to thread about this here, including the project's lead engineer from Apple: https://jamfnation.jamfsoftware.com/discussion.html?id=17757
Refer to Enabling Kerberos authentication with a third-party Key Distribution Center. The article is for Lion and has been archived by Apple, but it still seems to work.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.