I should clarify something I mentioned earlier. You can connect to the server with user/postgres@REALM. That's a good way to distinguish between a user's general privileges and his postgresql-specific privileges. (You can easily map user/postgres@REALM to database user 'user'.)
The problem is connecting to the server using the JDBC driver. It currently uses the connection username and password to log into the KDC and also provides the username to the database. That works fine with a simple username but gets confused with principal names like above. What I plan to add is the ability to specify a keytab instead of the username and password for the JDBC driver. I banged my head against the wall for awhile before downloading the code and single-stepping through the login process. :-)