Brian's been doing some absolutely awesome stuff up at work. Basically it goes down like this: LDAP for account information; Kerberos v5 for authentication; TLS for LDAP connections; LDAP for authorization; nscd to keep things sane; totally transparent (and so fast you can't tell at all) failover for both the Kerberos and LDAP servers to their backup servers. Of course, he's not done yet. Next steps: OpenAFS for home directories and some data partitions; LDAP for mail aliases, etc; Winbloze 2000 clients logging in with Kerberos and having mount AFS home directories; sync between the labs we have. Possibly some other things. My role in this has mainly been to let him know what I'd like to see and then interject ignorant comments and he's done all of the real work. He gets to do it up at work, I'm going to be the one doing it all at my house once things at work settle down some. :) Basically I'm going to try and mimic much of the setup we're going to have in the end here at home. It's all stuff I've wanted to do for a while and just hadn't really gotten into it. For those curious, the LDAP + Kerberos combination is actually 'LDAPv3'. Additionally, the authentication is kind of tied together using SASL from my understanding. All-in-all, very cool stuff. :) Think that's enough for the moment. This stuff is totally da bomb tho. :)