Does anyone know how to configure Kerberos with Lion?

I only have the default_principal entry in pam.d/authorization (as described above) and a minimum krb5.conf as follows:

[libdefaults]

default_realm = O815.LOCAL

allow_weak_crypto = true

[realms]

O815.LOCAL = {

admin_server = kdc.o81.5

kdc = kdc.o81.5

default_domain = o81.5

}

[domain_realm]

.o81.5 = O815.LOCAL

o81.5 = O815.LOCAL

Using this setup I get a ticket on login automatically (can be shown using klist on console or within ticketviewer) but I don't run a daemon since the ticket usually lasts for my session and for the rare cases it doesn't Im not bothered to run kinit manually.

I've done the same, other than I've added the renewable option under libdefaults as suggested by mmpestorich. When I try a simple kinit -R after logging in, it errors out on me, which I'm assuming tells me that a renewable ticket isn't being checked out.

I never checked renewable tickets, without checking in depth I get an error with -R as well

~ n3$ kinit -R

kinit: krb5_get_kdc_cred: TICKET NOT RENEWABLE

10.7.4 authenticating against MS AD. Many thanks, I'm back in business after following your instructions. Samuli