LDAP / Kerberos

Kerberos / LDAP... it still almost Greek to me.

My organization is currently in the process of migrating from MAC OS9
to OSX.  Included in the plans is an Open LDAP implementation.  It is
our hope that this implementation will allow for "single sign-on"
(in addition to standard password management functions such as
expiration etc...)

It is my understanding that I can set up an Open LDAP directory on OSX
server and have all client OSX computers authenticate against this
directory for access.  The confusing portion of the set up, is that I
would like these users to map file shares from an SGI IRIX server.  For
this portion - I again would prefer that we use single sign on (maybe
a Kerberos key??) to connect to the SGI server and receive access to
the appropriate directories.  From what I understand this seems
possible - however I am unsure of how to actually set it up.

What I was thinking was that the OSX server would be the LDAP and
Kerberos master.  Assuming this is the case I would then point the SGI
server to the OSX Kerberos master (again I have no idea how to do
this.)  Would I then be able to see the individual users in the SGI
permissions system, and assign access as appropriate?

In addition if anyone has a clear document explaining how LDAP and
Kerberos interact and how authentication and authorization occurs -
that would really help!
I assume I am missing a ton - so any help is appreciated.

JZ