Greetings, I am looking for a way to do a single sign on to an intranet in the following manner:

1. A Linux user logs on via a graphical frontend (for example, GNOME).
2. He automatically requests a TGT for his username from the MIT Kerberos KDC.
3. Via some way or another, the Apache server (which we'll assume is on the same server as the KDC), is informed that this user has logged in.
4. When the user accesses the intranet, he is automatically granted access to his web applications.

I don't think I've seen this kind of functionality while searching the net. I know the following possibilities exist:

• Using an authentication module such as mod_auth_kerb, a user is presented with a login prompt to enter his username and password, which are then authenticated against the MIT Kerberos server. (I would like this to be automatic.)
• IIS supports integrated Windows logon via ASP.Net when the user is part of an Active Directory. (I'm looking for the Linux / Apache equivalent.)

Any suggestions, criticism and ideas are highly appreciated. This is for a school project to show a proof-of-concept, so every handy piece of information is more than welcome. :)