edu.mit.kerberos file questions

Hi, I have 10.3.9 clients authenticating to AD and being managed by Computer Lists from OS X Server. I am working at solving an occasional problem where the user can either not authenticate via AD or can but loses their automounting windows share. I can see when this happens that the AD information is no longer generated in the edu.mit.kerberos file. It has been suggested that making the file static fixes the problem - and it does, however, it has also been suggested that fixing the problem this way may cause other problems later. Two questions then for those who know: 1. I've noticed that the auto-generated file may sometimes contains: #autogenerated from: /Active Directory/addomain.com or #autogenerated from: /Active Directory/addomain.com, /LDAPv3/oddomain.com So, if I were to remove the OD information from the line, would it stay that way and just autogenerate the file from the AD domain from then on? 2. In reading up on the edu.mit.kerberos file, mit says that "You should always have a configuration file that has a [libdefaults] section with a default_realm specified. Otherwise, getting Kerberos tickets at login time may fail." The [libdefaults] that is autogenerated for me only contains: ticket_lifetime = 600 dns_fallback = no Would adding the default realm also help fix the problem. It appears so, but I don't look after AD so I'm not sure of what problems adding this in will cause (if any). For those interested, there is a thread on this at the MacEnterprise list. Thanks, Mark