installed/configured ldapv3 for some new servers, which was unbelievably time-consuming and painful. was bitten in the ass, as it turns out, by failing to stop/restart sshd when i changed pam stuff - apparently it doesn't pick up those changes on its own (thanks seth). anyway, now i can run away from both nis and hesiod as fast as my little legs will take me.
next project: determine how best to export home directories, since we've got all the centralized auth* going for them.