NetAuthAgent

[Stefano Mori]

Having a problem with client Leopard NetAuthAgent dialog popping up to  
ask for a password when using "Finder > Connect to server..." to mount  
an AFP volume on a Leopard Mac OS X Server, even though I already have  
a valid Kerberos ticket. I can actually type a wrong password into the  
NetAuthAgent dialog and it will proceed to mount the share anyway,  
presumably using the ticket (guest access is disabled).

I've tried this on 4 different machines, each connecting to the same  
share, and two of them simply connect without NetAuthAgent appearing  
(correct behavior), but the other two of them do invoke it. They did  
this with 10.5.2 and also now 10.5.3. The 4 Macs have slightly  
different setups, one is my own laptop I've been using for years,  
Leopard installed clean from DVD, the others are new, one was imaged  
with a Leopard image, and one was a simple DVD install. I can't see  
any obvious pattern but then I don't know where I should be looking.  
Meanwhile dozens of Tiger Macs bound to the server can mount the share  
using Kerberos fine.

The server in question is a clean install of Leopard but the directory  
archive was imported from an Tiger 10.4.11 -> Leopard upgrade on the  
same box.

So assuming that the clients or server is misconfigured somehow, what  
config files and cashes does NetAuthAgent rely on? What's the system  
checking when it decides to invoke it, even though the Kerberos  
tickets are present on the client, both TGT and for the afp service?

Many thanks in advance,

Stefano