The krb5-auth-dialog application will periodically check (every 30 seconds) if the user has Kerberos credentials, and if so, if they will expire soon (in less than 30 minutes). If it determines that this is the case, krb5-auth-dialog will attempt to obtain fresh credentials, prompting the user for whatever information is necessary.
If this option is specified, krb5-auth-dialog will start only if it finds that the user has Kerberos credentials. This may be used to ensure that only users who actually use Kerberos see the program. Note that in some settings, users may authenticate to Kerberos at a later time even if they do not have Kerberos credentials initially.
Probably, but let's hope not. If you find any, please file them in the bug database at https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues
Christopher Aillon <email@example.com>
Jonathan Blandford <firstname.lastname@example.org>
Guido Günther <email@example.com>