the /etc/(passwd|shadow) problem is solvable. linux pam/shadow login supports ldap already, the linux kernel supports 9p already and /bin/(login|su) could consult an authentication server on the loopback device, if one were so inclined. it's not like this would be a radical departure from authentication methods pam already supports --- like ldap.
- erik
