The Kerberos component of Active Directory supports renewable principal tickets, which can be refreshed without a password, for authenticating a user against AD. This feature is especially useful for system accounts that run a service integrated with AD, because no password has to be stored on the system running the application. This task is to set up a service that uses a Kerberos principal key to authenticate against AD.
https://wiki.samba.org/index.php/Authenticating_other_services_against_AD
http://sysadvent.blogspot.com/2012/12/day-21-double-hop-nightmare.html
http://www.math.ucla.edu/~jimc/documents/samba-ads-1401.html
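
The renew-or-reacquire decision behind a keytab-backed service account, as an added example that is not part of the original page. It assumes MIT Kerberos `kinit`; the keytab path, the principal name and the 600-second margin are placeholders, and the caller supplies the ticket times as epoch seconds.

```shell
#!/bin/sh
# Added example. KEYTAB and PRINCIPAL are hypothetical placeholders.
KEYTAB="${KEYTAB:-/etc/myservice/service.keytab}"
PRINCIPAL="${PRINCIPAL:-svc-myservice@EXAMPLE.COM}"
MARGIN="${MARGIN:-600}"   # seconds before expiry at which to act

# A keytab holds the principal's long-term key, so it is password-equivalent:
# succeed only if group and other have no permission bits on it.
keytab_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# ticket_action NOW EXPIRES RENEW_UNTIL   (epoch seconds; pass 0 0 when no ticket)
# Prints one of: none | renew | reacquire
ticket_action() {
    ta_now=$1; ta_exp=$2; ta_renew=$3
    if [ "$ta_exp" -le "$ta_now" ]; then
        echo reacquire            # an expired ticket can no longer be renewed
    elif [ $((ta_exp - ta_now)) -gt "$MARGIN" ]; then
        echo none                 # still comfortably valid
    elif [ "$ta_renew" -gt "$ta_exp" ]; then
        echo renew                # renewable lifetime left: no key needed
    else
        echo reacquire            # renewable lifetime used up: need the keytab
    fi
}

# Run the chosen action; a failed renewal falls back to the keytab.
apply_action() {
    case "$1" in
        none) return 0 ;;
        renew) kinit -R "$PRINCIPAL" && return 0 ;;
        reacquire) ;;
        *) echo "unknown action: $1" >&2; return 2 ;;
    esac
    keytab_is_private "$KEYTAB" || {
        echo "refusing: $KEYTAB is missing or accessible to group/other" >&2
        return 1
    }
    kinit -k -t "$KEYTAB" "$PRINCIPAL"
}
```

Parsing the times out of `klist` is left to the caller because its date format depends on the locale.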