I have to be a class idiot when it comes to LDAP. I am assuming that it cant be THAT rough, since a while back I was looking into it. I took a look at NIS, NIS+, LDAP, and Kerberos. After looking at the 'challenge rating' (mmmm AD&D) of all 5 of them (two Kerb vers.) NIS was simpler and apparently more feature rich (at the time perhaps, about 1.75 years ago ... give or take).