I generally understand the problems that a load balancer poses for Kerberos. In fact, Microsoft's KB article outright states that it's not possible. However, this article - also on an MS site - suggests that there are possible workarounds.
Has anyone configured a system to use Kerberos and a load balancer? Did you need to use a Forefront server? Can you describe your setup?
Also, what is the precise functionality that the Forefront server provides that makes this work? As I understand it, each server behind the load balancer requires a different SPN and anything in front of the load balancer can't know what SPN to request a ticket for.