Note that in both of these, the user is assumed to have already logged into the central authentication system, and the web server is handling the actual authentication. Here's an extension that changes the login and logout links to redirect to the central system (warning, it is CDDL licensed, which is incompatible with the GPL!):
http://blogs.sun.com/superpat/entry/opensso_single_sign_on_extension
Here's an example that is GPL licensed, that does essentially the same thing as the above:
http://www.mediawiki.org/wiki/Extension:CASAuthentication
V/r,
Ryan Lane