The module mod_auth_kerb integrates Apache into an existing Kerberos environment and allows authentication through two procedures: simple authentication with the Basic method or the negotiation procedure SP-NEGO, described in RFC 4559.

Both procedures are shown in Figure E-1. For an authentication via negotiate (only Kerberos v5), the client fetches a ticket from the Kerberos server (1), which it forwards to the Web server (2). The Web server in turn sends the ticket via the Kerberos protocol to the Kerberos server for inspection (3). What is not shown is the response of the Web server to the client if authentication is successful (or if it fails).