According to the 10.6 Network Service Admin guide you should be able to authenticate VPN-L2TP users using Active Directory kerberos credentials. My understanding is the VPN server handles the communication with the AD KDC and passes the TGT and TGS to the client machine.
An exert from the network service admin guide:
To use VPN service for users in a third-party LDAP domain (an Active Directory or Linux OpenLDAP domain), you must be able to use Kerberos authentication
I assume this means it should work, but I have not been able to get kerberos authentication working with the VPN service.
Has anyone out there been able to get 10.6 VPN working with AD kerberos authentication?