So that title may be a bit to swallow…. Basically, Internet Explorer does not handle authenticating to a Kerberos enabled website running on a non-default port..
For example, I created the SharePoint central administration site on host computer MOSS (port 1000) to use Kerberos authentication. I add the service principle name (HTTP/MOSS:1000, HTTP/MOSS.domainname:1000), required for Kerberos authentication, to the central administration site’s application pool account in Active Directory. When I attempt to browse to the central admin site from another computer in the domain (my host running ie 8) I get an unauthorized message after several failed attempts to login to the site with the farm administrator’s credentials. If you go back to the the central admin site’s host (MOSS2007) and tweak the local security policy to audit failed logins then you should see Kerberos 529 events in the security log (if you attempt to reach the page again). Continue reading Using IE to Connect to a Keberos Enabled Non-Default Port SharePoint Site