No we really have not but its not so hard to do I think. We just need to add the A2D2 attribute to the schema and enable some authorization checks in the KDC to make sure it constrains the service tickets the KDC grants to service accounts based on the contents of this attribute. Not hard hat all to do I think.
Was curious if anyone has looked at constrained delegation support? I know its an MS extension and the only APIs that it works with are commercial libraries so I was curious if anyone had looked at it.