By default Recital uses PAM to authenticate users.  It is also possible to tell PAM to use Kerberos.  Simply replace the existing entries in the /etc/pam.d/recital file with the ones below:

auth       sufficient   pam_krb5.so try_first_pass
auth       sufficient   pam_unix.so shadow nullok try_first_pass
account    required     pam_unix.so broken_shadow
account    [default=bad success=ok user_unknown=ignore] pam_krb5.so