For increased security, Kerberos clients of Mac OS X 10.4 or later must pre-authenticate before regular Kerberos authentication. Pre-authentication occurs automatically without user interaction.
Third-party products integrated with an environment in which Mac OS X Server handles Kerberos authentication (KDC) must support Kerberos pre-authentication.
Authentication will fail if the third-party product can't support pre-authentication or is configured not to do so. Check the third-party documentation to see if the product is configurable for pre-authentication, and change the configuration if necessary.