Heh. One of the authors of Kerberos works in my building. We've had some...
interesting chats about network security, not related to this, but it's been
nice to ask someone that sharp hard questons.
From my experience, the problem with Kerberos was that it scaled very well
to 10,000 users, but for an office of 20 people, it was wild overkill. I
haven't had the opportunity to work with it in a mixed environment of
Windows/UNIX/etc., but I've tried integrating it into a mixed Linux/Solaris
environment, and the results were much more pain to administrate than, say,
NIS. The problem is that NIS doesn't integrate with Samba or Windows
authentication, and Kerberos and its ilk are very good at integrating not
just user login, but actually controlling remote file-sharing access, which
they considered very important in a huge environment like MIT with home
directories, lots of core servers, etc.
I can only assume it's gotten much easier to work with since then: I'll be
very curious to hear of the experience of others here, and how well it
integrates with mixed environments.