authentication via keychain entries

In a non-Kerberos environment it could be a useful way to ask the user for his credentials on the first mount attempt and then store the credentials in user's keychain.

However, I see problems with the user experience:

if shares are defined by MDM - how do you inform the user what is happening and why his password is needed? The password dialog would come out of the blue and the user has to be informed what's going on
how to deal with password changes?
what if the user does forgot his password for a MDM defined share?
Can he decide not to enter a password for a share and not to be asked again?

There are a few points I would like to have clarified before we implement this.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information