In a load balancer scenario, the browser should ask for a Kerberos ticket to access the web server on the load balancer. The load balancer should forward the request on to the real service. The real service should be able to validate the Kerberos token using the load balancer's principal and keytab entry. So the load balancer's keytab entry needs to be in the service's configured keytab file.
However, for all this to work, the service needs to understand that a load balancer is in the middle and behave properly. So there are some details here, related to Storm, that someone familiar with Storm needs to answer. For example, does Storm support this scenario?
I seem to have lost track of the issue here... the subject of this thread is related to an unsupported key. I think we solved this and have now moved on to another issue?
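A check for the keytab requirement described in the reply above, as an added example that is not part of the original post: it reads the output of MIT `klist -ke <keytab>` and confirms that the load balancer's principal has an entry, printing the key version and encryption type of each one. The hostnames, realm, keytab path and sample listing are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes input in the format printed by MIT `klist -ke`.
# Real use: klist -ke /path/to/service.keytab | check_lb_keytab HTTP/lb.example.com@EXAMPLE.COM

# principal_enctypes PRINCIPAL < listing
# Prints one "kvno enctype" line for every keytab entry of PRINCIPAL.
principal_enctypes() {
    awk -v want="$1" '
        # Entry lines start with a numeric KVNO; header and ruler lines do not.
        $1 ~ /^[0-9]+$/ && $2 == want {
            et = $3
            gsub(/[()]/, "", et)   # "(aes256-...)" -> "aes256-..."
            print $1, et
        }'
}

# check_lb_keytab LB_PRINCIPAL < listing
# Returns 0 and prints the entries if the load balancer principal is present,
# returns 1 if the backend could not validate tickets issued for that name.
check_lb_keytab() {
    entries=$(principal_enctypes "$1")
    if [ -z "$entries" ]; then
        echo "MISSING: $1 has no entry in this keytab" >&2
        return 1
    fi
    echo "$entries"
}

# Constructed sample listing: one backend node plus the load balancer name.
sample_listing() {
cat <<'EOF'
Keytab name: FILE:/path/to/service.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/node1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 HTTP/node1.example.com@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   2 HTTP/lb.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
EOF
}
```

The encryption type column is also where a mismatch between the keytab and what the service's Kerberos library accepts would show up.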