[ASH] is currently working on a Kerberos implementation to to overlay the OpenLDAP authentication system the club currently uses.

This would have several advantages, including:
 * Single-Sign-On between UCC machines.
 * Kerberised home directory mounting allowing the merging of /away and /home without security issues.
 * Enabling more UCC services to kerberise, thus extending UCC's Single-Sign-On network.

The implementation currently under consideration is found at http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-provider.php

Issues to be considered include:
 * Synchronising Samba, Unix and Kerberos passwords - this is relatively painless thanks to `smbk5pwd`
 * Ticket granting on logon - what happens if people use SSH keys to log in?
 * NFS-K5
  * Do we mount all of /home by giving each machine a full-access Kerberos key? This is probably worse than the current situation.
  * Alternatively, do we mount each user's home directory (e.g. with the automounter) once they've logged in? If so, how do we make SSH keys work (and do we care)?
  * Are we interested in NFS-K5 or NFS-K5p, or do we want to deploy IPsec?