Single Sign-on stops working after updating to 10.4.7
Well, I'm fresh off the AFP won't start bug in 10.4.6. Now that this bug is fixed in 10.4.7, we have a new problem. It appears that on our OD Replica, single sign-on doesn't work for AFP mounts through the Apple-K method (user home directories work just fine). If a user wishes to mount an AFP share using Apple-K, he/she must re-authenticate a second time. What's more, the user MUST use his/her SHORT name to authenticate, or else the server rejects the attempt.
We tried demoting the OD Replica and then re-promoting it, but this did not solve the issue. The logon issue appears to affect 10.3 and 10.4 clients.
I believe that this might be a problem with the kerberized AFP (that is, it's not kerberized but should be). Any ideas on how to fix this?
Dual 2Ghz G5 10.4.7 Server
We tried demoting the OD Replica and then re-promoting it, but this did not solve the issue. The logon issue appears to affect 10.3 and 10.4 clients.
I believe that this might be a problem with the kerberized AFP (that is, it's not kerberized but should be). Any ideas on how to fix this?
Dual 2Ghz G5 10.4.7 Server