How are you configuring the login modules? This sounds more a case of falling back to using the 'other' security domain rather than the module being substituted.
Thanks for your fast response.
You were right, the system was defaulting to 'others' security-domain. We created a second domain with the Krb5LoginModule and that got the app running. Anyway, now we have a new issue with the kdc token length; it's being truncated in our http requests, so all we get a 401s. I'm trying to figure out if this is AD's fault or we have to set specific eTypes via supported_enctypes in the krb5.conf and kdc.conf. But I assume that's a question for another time on a different forum and thread.
Sorry for the extremely delayed response. I'm a full time student studying for a PhD in BioMed Tech while working full time as a system dev for my present company. Anyway, the project was put on hold for a bit and now it's being lazarethed.