first, the module complain against "failed to verify krb5 credentials: Server not found in Kerberos database
"
I've tried to use adsiedit on a DC, and add HTTP/vhost.domain.com
as another servicePrincipalName for the mapped user which already contain the SPN for the real host.
The next error which raise up is "gss_acquire_cred() failed: Miscellaneous failure (No principal in keytab matches desired name)
"
This is normal, your keytab hasn't been updated to contain the new SPN. But It seems that ktpass.exe cannot export two principals in a keytab, nor, using ktutil on linux to get two keytab in ony works, as the kvno is increased.
The question is: Does windows really use the servicePrincipalName or does it use userPrincipalName? The doc says that only one mapping can be done, so I think it uses the UPN...
So there is no way to use vhost as easely. You have to use another dummy account, and map HTTP/dummyuser2 to the vhost, and store two keytab on apache...