Yes, this is all possible and done all the time. When you log into a domain account, Windows acquires a Kerberos credential (ticket-granting ticket or TGT) from a domain controller using your password, which in turn allows you to get tickets for other services without re-entering your password. You can see the TGT and any other tickets you have for specific services with klist.exe. Web browsers use the HTTP Negotiate exchange to send a ticket to the web server, which the server can use to identify you (an optional return token can also authenticate the server to the client). The server must be a member of the same Kerberos realm, or one which has a chain of realm trusts to yours.
mod_auth_kerb is the most common module used for Kerberos authentication in Apache. You would add a Kerberos principal for the web server to an AD account using setspn.exe, of the form HTTP/server-hostname. Then create a file holding that principal's keys, called a "keytab," using ktpass.exe on Windows or a program like ktutil on Unix (for which you need the AD account's password). The mod_auth_kerb configuration refers to the keytab. mod_auth_kerb sets the environment variable REMOTE_USER to the client's identification, and you would just read that in your application (PHP code in this case).
You must configure the web browser to actually use HTTP Negotiate authentication, the details of which vary from one browser to another.
This is just answering your immediate questions in a high-level way; there are lots of other details involved, of course, since you're dealing with a whole infrastructure and several parts which have to be coordinated: Kerberos, DNS names, principal names, browser configuration, Apache, etc.
By the way: the word in English is "authenticate," not "authentificate."