Upon further investigation, the interop issue appears to be unrelated to this change (or any change in 1.10; it has to do with whether the client includes the KDC certificate in the trustedCertifiers field of the request).