I forgot to comment on your statement about forcing Kerberos (not sure what makes you think Kerberos needs to be forced). Anyway, the BAdI implemention code can check if user is logged on using SAP password and check SAP password instead of checking their Active Directory password.
↧