One of the big issues we had in OpsMgr 2007 RTM was if you installed the Database and the Root Management Server(RMS) on a standalone server with the SDK and Config services running under a domain account users could not install the Web Console Server on a standalone machine and use Windows Authentication. The only other option was to use Forms based authentication which required you to enter a user ID and password every time the web console was launched, something even I hated doing. What was even worse was if your RMS was clustered you could not use Windows Authentication because we did not support installing the Web Console on a cluster. The good news is that we have fixed this issue in OpsMgr SP1 but users will still need to set up constraint delegation which basically allows a computer to be trusted for delegation, this is a AD-Kerberos limitation and not a product limitation. The attached doc has the steps to setup constraint delegation to support this scenario. I want to thank Marc, Manish and Ranga for helping get this scenario working in SP1.
I tried to implement the constrained delegation but without luck in SP1 RC. You've mentioned SP1 only, did you mean SP1 RTM or both? Thanks.
Following are just my observation when I did SP1 RC upgrade in Engineering, QA and Production for a client.
This is out dated for 2012. You need to use "Use any authentication protocol" in the AD object for the web servers delegation.