I will have to do some lab work to learn more about working in a mixed AD environment where the passwords are kept in a separate kerberos system.
A little background: Designing an Authentication System: A Dialogue in Four Scenes
Kerberos Consortium Kerberos Protocol Tutorial
Some info on how to actually make it work:
Configure Debian Linux box as Kerberos admin server and K MIT Kerberos installation on Debian
Active Directory and MIT Kerberos trusts (PIG: Practical Interoperability Guides)