We have an apache2-server using Kerberos for website-authentication via Active Directory. On the website i use the Drupal-Framework and the unsupported "Kerberos Authentication"-Module (https://www.drupal.org/project/kerberos_authentication).
When a user wants to access the Website, she/he has to do the following:
The problem is in Part 5: The user still needs to fill in the login-form to get logged into drupal. The AD username and password are working here thanks to the Drupal-Kerberos-Module. But this forfeits Kerberos in the first place, since the users have to enter their credentials more than once.
How can i access the ticket the user was granted/that is stored in the browser (or wherever it is stored) using php? Or how to check if a user as a valid Kerberos ticket so that the user does not have to enter his login data twice and gets logged into drupal automatically, using php? (I am aware that this could require me to write my own drupal module)
Tangential to your question - though I've never managed to properly configure the module you mention, I've had great luck with the LDAP module. It also includes a submodule for SSO, which does exactly what you want, but using the Drupal login form as a fallback instead of the (in my opinion, ugly) popup shown in your example.