I once tested this successfully with pGina, but it's not very friendly to set up.
You can also use a SAMBA server acting as an Active Directory provider, with an LDAP backend, but I haven't tested this yet. Here are the two basic steps to do:
SAMBA as a PDC
The basic configuration goes like this:
    [global]
        passdb backend = tdbsam
        os level = 33
        preferred master = auto
        domain master = yes
        local master = yes
        security = user
        domain logons = yes
        logon path = \\%N\profiles\%U
        logon drive = H:
        logon home = \\homeserver\%U\winprofile
        logon script = logon.cmd

    [netlogon]
        path = /var/lib/samba/netlogon
        read only = yes

    [profiles]
        path = /var/lib/samba/profiles
        read only = no
        create mask = 0600
        directory mask = 0700
More info on the SAMBA docs.
LDAP
Properly configuring an LDAP server is not something trivial (neither is the SAMBA server, IMHO), but after you configure one (OpenLDAP, FDS, etc.), here's some good info on how to integrate it with SAMBA. And more specific for RedHat.
I also hear SAMBA 4 will be a complete replacement for Active Directory, but who knows when that will be released.
Anyway, I don't know if this has become easier than when I tried it (about 2 years ago), but I hope so, because I gave up after a few weeks of trial... Maybe it's time to give it another go.
Back then, my personal preference was for FDS because it has a great admin console, and it was easier to set up.
Edit: I just remembered eBox. I haven't tested it because I don't like all-in-one solutions, but take a look at the site if you do (it offers plenty more than a domain controller).
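The following is an added example, not part of the original answer: a small lint that checks an smb.conf against the PDC settings shown in the configuration above, flagging a writable [netlogon] share and profile masks looser than 0600/0700. The function names and the sample input are hypothetical and constructed for illustration; unset masks are assumed to fall back to Samba's documented defaults (0744 and 0755).

```python
# Added example: lint smb.conf text against the PDC settings from the answer above.
SAMPLE = r"""[global]
domain logons = yes
domain master = yes
security = user
[netlogon]
read only = no
[profiles]
create mask = 0644
directory mask = 0700
"""  # constructed input: netlogon is writable, profile files are group/world readable

def parse_smb_conf(text):
    # Returns {section: {param: value}}; names lower-cased, inner whitespace collapsed.
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def check_pdc(conf):
    # Returns a list of human-readable findings; an empty list means no deviation found.
    findings = []
    g = conf.get("global", {})
    for param in ("domain logons", "domain master"):
        if not is_yes(g.get(param, "no")):
            findings.append(f"[global] {param} is not enabled")
    if g.get("security", "user").lower() != "user":
        findings.append("[global] security differs from 'user'")
    if "netlogon" not in conf:
        findings.append("[netlogon] share is missing")
    elif not is_yes(conf["netlogon"].get("read only", "yes")):
        findings.append("[netlogon] is writable: logon scripts could be replaced")
    prof = conf.get("profiles", {})
    defaults = {"create mask": "0744", "directory mask": "0755"}  # assumed Samba defaults
    for param, limit in (("create mask", 0o600), ("directory mask", 0o700)):
        mask = int(prof.get(param, defaults[param]), 8)
        if mask & ~limit:                        # any bit outside the owner-only limit
            findings.append(f"[profiles] {param} {mask:04o} exceeds {limit:04o}")
    return findings
```

Calling check_pdc(parse_smb_conf(SAMPLE)) returns two findings for the constructed input; the configuration from the answer itself returns none.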
Best Answer
Not out of the box. You can install the MIT kerberos client for Windows and you can run kinit against the KDC and you can probably map the local workstation user to the kerberos principal on the apache-ds database, but it is not AD (which is what the Windows native kerberos client expects).
If you want to use kerberos with Windows clients you really need to use their implementation (you can get away with the samba 4 though).
By the way, authenticating Windows hosts against it (I suppose that is not what you meant, but it is, strictly taken, what you ask) is I think not possible. You could kerberize services running in them (like apache for instance), but joining machines to the kerberos realm will not be possible.