Maybe I have misread your article, but it seems to me you are saying NTLM will not work on multiple hops. We have in fact had this working using constrained delegation with protocol transitioning. A user on a workstation could successfully connect to IIS as themselves and then onto a sql server as the same account (2 hops). Where we did run into a problem though was trying to hop from one AD Domain to a different, though trusted, domain.
Constrained delegation with protocol transition is setup in your AD on the server properties Delegation tab. Selecting "Trust this computer for delegation to specified services only" (this is the constrained delegation) and then selecting "Use any authentication protocol" (this is the protocol transitioning).
In the case above, it isn't enough just setting up the SPN and then allowing the calling server to delegate. You have to specifically setup which SPNs the server can delegate too.
EDIT: Our problem with crossing domainswas that Kerberos was the only method this hop from one domain to another so we ended up using Kerberos anyway.