This is an interesting little glitch.
On AD bound Macs if a user has their screen-saver set to require a password to deactivate and the user leaves their computer on for more than 10 hours, they will not be able to unlock the screen-saver. Apple has confirmed that this is a problem and advises that the user should enter their user name and password and then wait for one minute before they press “OK.”
This affects all versions of OS X through 10.5.7. The latest 10.5.8 patch is supposed to fix the issue.
The default time-out for a Kerberos ticket is 10 hours but with the screen-saver password lock enabled the Mac doesn’t auto renew the ticket properly. Normally every time you unlock your screen-saver it refreshes the Kerberos ticket back to 10 hours but this simply doesn’t happen if they machine has been sitting on and idle for over 10 hours.
On AD bound Macs if a user has their screen-saver set to require a password to deactivate and the user leaves their computer on for more than 10 hours, they will not be able to unlock the screen-saver. Apple has confirmed that this is a problem and advises that the user should enter their user name and password and then wait for one minute before they press “OK.”
This affects all versions of OS X through 10.5.7. The latest 10.5.8 patch is supposed to fix the issue.
The default time-out for a Kerberos ticket is 10 hours but with the screen-saver password lock enabled the Mac doesn’t auto renew the ticket properly. Normally every time you unlock your screen-saver it refreshes the Kerberos ticket back to 10 hours but this simply doesn’t happen if they machine has been sitting on and idle for over 10 hours.
