Here are some easy steps to archive SSO with cyn.in. I think it works with mod_auth_kerb as well - you just have to alter the login name variable.
- Remove the version of the WebServerAuth plugin shipped with cyn.in from the "products" directory (It doesn't work with REMOTE_USER variables).
- Download vanilla WebServerAuth from here: http://plone.org/products/webserverauth and put it in the "products" dir. i.e. Put the Products.WebServerAuth-1.6.tar.gz (or latest version) into the /home/cynin/buildout/products, run tar -zxvf Products.WebServerAuth-1.6.tar.gz and then from the directory /home/cynin/buildout/products/Products.WebServerAuth-1.6/Products/WebServerAuth# run cp * ../../../WebServerAuth/ -r
- Re-run buildout. i.e. cynin:/home/cynin/buildout# bin/buildout -c user.cfg
- Install WebServerAuth with portal_quickinstaller in Zope manager. i.e. Log onto Zope manager on http://<<cyninserver>>:8080/manage with admin/secret (secret is the default password if you have not changed). and in Zope Manager under Plone QuickInstaller Tool at /cynin/portal_quickinstaller, if all has gone well, you will notice WebServer 1.6. Check it and click on button Install to install. After the installation it should move down to the Installed Products section.
- Go to acl_users and edit web_server_auth: Alter the login name variable to "HTTP_CAS_USER"