A couple of questions have had answers suggesting making use of mod_auth_tkt to allow Plone 4 (Plone and Asp.Net Integration, Use Plone\'s authentication mechanism to login to o
The documentation on using mod_auth_tkt is a man page distributed with the source.
In answer to your specific questions:
In /Plone/acl_users/session. On the Manage secrets tab set a shared secret. (This is described in the documentation for setting up a shared secret with an IIS login form.) You should set the same secret in the Apache config with the TKTAuthSecret directive.
For Plone 4.0 (or Plone 3.x with plone.session 3.x) use /Plone/login_form. For Plone 4.1 use /Plone/login, assuming that the Plone site is hosted at /Plone. Use /login_form or /login if it is hosted at the root.
Plone uses _ac by default, so use TKTAuthCookieName "_ac". (The cookie name Plone uses is set in the acl_users session settings and cookie authentication settings.)
You might have to set TKTAuthBackArgName "came_from", though I think Plone will fallback to the referrer url so it may work without. And you will need to check the "Use mod_auth_tkt compatible hashing algorithm" option on the preferences tab of acl_users/session.