this is explained page 112 of the BL admin guide "Obtaining a TGT for a BladeLogic Client (UNIX Only)".
You must use the kinit tool to obtain the TGT.
In your case you are trying to map the BladeLogic user account to a local system account using the 'map to user name' option? - so like:
bladelogic local box
bob:BLAdmins -> bob
joe:BLAdmins -> joe
typically we will map all users in a role to 1 account so like:
bob:BLAdmins -> root
joe:BLAdmins -> root
Currently there is not really a way around this, unless you go the route of mapping all users in a role to 1 local account - is there an issue w/ that?
Are there any discussions of using LDAP for authentication?