Mac OS X 10.5: Screen Sharing, file sharing, and Back to My Mac unexpectedly prompt for username and password
Symptoms
In Mac OS X 10.5, if Screen Sharing, local file sharing, and Back to My Mac services unexpectedly prompt for a username and password, the "com.apple.kerberos.kdc" certificate or key pair may have been deleted or modified in Keychain Access.
Products Affected
Mac OS X 10.5, Back to My Mac
Resolution
If you want to avoid the unexpected username/password dialog, you can reinstall Mac OS X 10.5 via an Archive and Install:
- Start up from your Mac OS X 10.5 Leopard installation DVD.
- Perform an Archive and Install installation of Mac OS X 10.5 Leopard (preserving users and network settings).
- Afterwards, update to the latest version of Mac OS X 10.5.
Important: You should not modify or delete the "com.apple.kerberos.kdc" certificate or key pair from Keychain Access, even if the certificate is marked as "This root certificate is not trusted."
Additional Information
Starting with Mac OS X 10.5 Leopard, each Mac OS X client maintains a local KDC for use with Bonjour and peer-to-peer security. This means it is a part of Back to My Mac (.Mac), local file sharing, and Leopard Screen Sharing.
During the installation of Mac OS X 10.5, a computer-specific security certificate named "com.apple.kerberos.kdc" is created and entered into the Keychain along with a public/private key pair. This certificate and the associated keys are visible in the System Keychain in Keychain Access. You may notice that this certificate is marked as "This root certificate is not trusted." This is by design, as the certificate is only intended to be accessed by those specific programs and services designed to use local KDC authentication and does not indicate an issue with the certificate or Keychain.