in reply to Single sign on with AD

If you are running as a CGI script within an Apache web server then you can look for the environment variable REMOTE_USER (ie. $ENV{REMOTE_USER}). If it is set then that's the user name as authenticated with Apache. With that you can use LDAP modules to extract extra information about the user from the AD.

To enable user authentication within Apache you could use mod_auth_kerb to allow Kerberos tickets or passwords to authenticate a user

AuthType Kerberos AuthName "Kerberos Login" SSLRequireSSL KrbAuthRealms DOMAIN KrbServiceName http Krb5Keytab /etc/krb5.keytab KrbMethodNegotiate on KrbMethodK5Passwd on require valid-user

It's a little tricky to get right and your server needs to be joined to the AD domain, but it works wonderfully. I assume that mod_auth_sspi works similarly.