It is certainly possible to fix (a) broken kerberos.
I've done it with 10.4 server on a few occasions. The article linked to above
might work for you, but there's some confusion there over the LKDC*. Also be sure to note one of the comments (don't miss it) about "slapconfig -kerberize" ... regardless, proceed with caution and not without a full, known-good backup.
The problem with trying to "walk" someone through something that involved here, is that there are so very many factors that come into play, and far too many openings for a person to either mistakenly - or willfully - leave out critical information.
As well as having to deal with personalities and attitudes in a way that I generally don't abide in my professional work, especially when my highest priority is solving the problem at hand.
This is an item where I've avoided any temptation to post a "tutorial" because there's just too much at stake, and I don't want to encourage anyone to possibly think that every problem has a quick fix.
The number one piece of advice I can give is: never do an upgrade install. I don't, never have and never will if I have any say in the matter. Ah, that's for OS X
client 😉
For OS X Server, I simply refuse to do an upgrade install. It's not how it should be done, and my experiences with repairing them (upgrade installs) has only reinforced this over time.
(At one point, if you needed "MCX" (really, MM) for Mac OS 9 clients, you had to upgrade from 10.3 to 10.4 in order to preserve certain items, but that's the only really viable exception).
There are many instances of upgrade installs leading to problems eventually. Sometimes right away, sometimes not until later on.
And so I do a "migration" : back up users and groups, server configurations and non-Apple software and data, verify the target drive, wipe & install, configure, update (with usual caveats), and import data where advisable, otherwise reconfigure from scratch.
Set default passwords for users and require a password change at first login, with appropriate communications to & with the users well in advance.
The next thing you need to know is: You're best off having another box provide DNS for your 10.5 server, prior to installing it. Make sure you've settled on the FQDN to be used, and have another server provide (verified) working forward & reverse lookup for the server about to get the 10.5 install.
Finally, technology is great when it works like it's supposed to. When it doesn't we can all get irascible sometimes. Remember that this forum is user-to-user support, and no-one "owes" anyone anything here, except appropriate civility (and otherwise abide by Apple's terms of use).
Regards,
-- David
* Recommended reading about the LKDC in 10.5:
http://www.dreness.com/blog/archives/42
http://www.dreness.com/wikimedia/index.php?title=LKDC