Now that 7.8.2 and later allow the use of custom SPN's in the keytab principals list in smb.conf , can we remove the restriction that prevents you from using the custom SPN as a redirect hostname in the Global Authentication Options when using IWA/Kerberos?
This will help our larger customers who are load-balancing Content Gateways using a virtual IP on an F5 or similar, and are also using Citrix servers or have clients behind a NAT device and wish to enable cookie-based credential caching.