Automatic kerberos ticket initialization on login

I would look into using pam-krb5.

On Debian and Ubuntu, it should be apt-get install libpam-krb5.

The PAM configuration would look something like:

auth required pam_unix.so
auth optional pam_krb5.so try_first_pass

or

auth required pam_unix.so
auth optional pam_krb5.so use_first_pass   

in /etc/pam.d/common-auth.

It takes the password you used to authenticate locally, e.g. the password in /etc/shadow, and then tries to use the same one as your Kerberos password.

If your Kerberos password is the same as your system password, you don't need to type it again.

If your Kerberos password is different from your system password, what happens depends on whether you used try_first_pass or use_first_pass:

• try_first_pass will ask you for your Kerberos password
• use_first_pass won't ask you, but you'll have to run kinit yourself later

Note that this probably makes ksshaskpass redundant too, because you can also have:

auth required pam_unix.so
auth optional pam_ssh.so try_first_pass
auth optional pam_krb5.so try_first_pass

On Debian and Ubuntu, that requires installing libpam-ssh.