A Kerberos authentication scheme.

Michael Norwick ctx37888 at centurytel.net
Wed Mar 23 04:05:49 EST 2005


I apologize if this is off topic. I have been subscribed to this list
for two years and have archived most of the posts. I am inexperienced
at implementing an authentication scheme beyond using
PAM/OpenSSH/OpenSSL, and various flavors of file and filesystem
encryption. I wish to move to a stronger security model that would
implement Kerberos with one of the developing (authenticated?)
filesystems, e.g. AFS, Coda, NFSv4, on Linux and OpenBSD with support
for Windows clients. For the size of networks I administer, 2-20 node
LANs in small business and education, protection with environments such
as SELinux and LIDS has proved too visible to the users. I would like
to provide something more transparent. I have a small 5-node test LAN
on which I have built and installed Kerberos with AFS, and am now
preparing to test NFSv4. In reviewing the posts on this mailing list,
it appears that many of you work with LARGE networks with many KDCs,
realms and educated users. My question is: am I forsaking the KISS
paradigm and trying to dig a post hole with a bulldozer, or does
Kerberos/AFS/whatever scale down well to meet my current needs? To be
able to 'standardize' on an authentication method would make my life a
lot easier. I guess I'm looking for krb/afs is to authentication as
LAMP is to web services?

Michael

