I may have found a culprit in the OS X10.5 Active Directory integration problem (see the comments on this post at AFP548.com for more info on the problem). I noticed that after a 10.5 machine is bound, it mostly freezes up when it's trying to authenticate. I started looking around and noticed interesting things in the /Library/Preferences/edu.mit.Kerberos file.
Before being bound, the file looked like this:
[libdefaults]
dns_fallback = "no"
I then bound the machine. It was unusably sluggish, as expected. After binding, the file looked like this:
# WARNING This file is automatically created by Active Directory
# do not make changes to this file;
# autogenerated from : /Active Directory/DOMAIN.DOMAIN.LOCAL
# generation_id : 0
[libdefaults]
dns_fallback = no
They are pretty much the same. I changed the file to look like this (if you check the file on a 10.4 machine that has been bound, you will see this file properly populated):
# WARNING This file is automatically created by Active Directory
# do not make changes to this file;
# autogenerated from : /Active Directory/DOMAIN.DOMAIN.LOCAL
# generation_id : 0
[libdefaults]
default_realm = DOMAIN.DOMAIN.LOCAL
noaddresses = TRUE
dns_fallback = "no"
[realms]
DOMAIN.DOMAIN.LOCAL = {
kdc = kerberosserver.domain.domain.local.:88
admin_server = kerberosserver.domain.domain.local.
default_domain = domain.local
}
[domain_realm]
.domain.local = domain.domain.local
You will have to add [v4_realms] and [v4_domain_realm] if you are using an older version of kerberos.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20080808143211248