How to manage 1000+ systems

Rodrick Brown rodrick.brown at gmail.com
Sat Jun 11 12:24:54 EDT 2005


In my current organization, as we grow more and more, it's becoming a problem
trying to manage all our users and systems and keep track of everything in a
smooth manner, so one thing I'm looking to do is deploy an authorization
and authentication mechanism with single sign-on for all our UNIX hosts.

The first thing that comes to mind naturally is Kerberos, LDAP, and
auto-mount across our environment (we're already using Sun One for about 50
hosts as a small pilot project). Our infrastructure today consists of about
350 servers, made up of Solaris, AIX, and Linux, that span 3 data centers. This
summer alone we plan to add another 150 or so servers, so I need something
that can scale very well. In 3 years alone we will have grown to 500+ Unix
servers, so I'm just looking to hear what most people think of Kerberos in
general. I'm not really sure if Kerberos is worth the trouble; most of our
apps only speak LDAP, and to some extent LDAP does meet my most basic
requirements, so I'm just looking to hear how most people are managing huge
networks of servers.

As it is right now, most of us are just using Perl, SSH keys, and pconsole; 2
years from now I'll probably double the amount of servers we support in
house, and was just wondering what others are doing to help speed up tasks
and keep everything running smoothly.

Also, if anyone has any cfengine experience and cares to comment, please do.

-- 
Rodrick R. Brown
Unix Systems Admin
http://www.rodrickbrown.com
rodrick.brown[@]gmail.com 




More information about the Kerberos mailing list