Here's an article on Sun's Kerberos login module, for what it's worth:
On 1/5/06, Aaron Mulder
> On 1/5/06, Cristian Roldan
> > Does Geronimo support Kerberos ?
> > How can I configure Geronimo to autheticate users using a Windows KDC ?
> My understanding is that Geronimo can use Sun's Kerberos LoginModule
> to authenticate clients based on who's logged in to the client PC.
> I'm not totally sure there aren't security issues with this approach
> since the server is essentially trusting the client to report the
> correct user, but I believe it has actually been tested and works. I
> think Alan's the one who really worked all this out so I hope he can
> chime in.
> If you want to try this I can walk you through setting up the security
> realm and point you at Sun's documentation for the options that can be
> passed to their LoginModule, but I don't have a full understanding of
> what all the options should be set to.