Solution available to fix the problem where the Kerberos Ticket Granting Ticket is not issued during an Active Directory user’s initial login.

Apple have detailed the fix in http://support.apple.com/kb/HT4100. A fix is also listed at http://www.afp548.com/forum/viewtopic.php?showtopic=26509.

Follow the steps below to force the creation of the Kerberos TGT on initial login. The is taken from the Apple Knowledgebase:-

1. Make a backup copy of the authorization file with this Terminal command:

   sudo cp /etc/authorization /etc/authorization.bak

2. Open the /etc/authorization file in a text editor or plist editing application.
3. Locate this key:

   <key>system.login.console</key>

4. Under mechanisms, add the string:

   <string>builtin:krb5store,privileged</string>

5. Save the file to /etc

Tweet