A lot of interesting things have come through on this.  Looks like I'll 
definately be doing some serious reading when the time comes to work on this 
more.  However right now, it's a low priority according to mgt.  Where for 
me, it's a slightly higher priority to which I'd like to get rolling.

On the question about limiting/blocking users from certain machines, the 
netgroup will that have to be multiple netgroups for various machines 
blocked?  Reason why I ask is we have 100+ servers of primarily HP, Sun, AIX, 
a few DEC and even fewer Linux (unknown distros at this point) and there are 
varying levels, sublevels and such of access control.  While one may have 
access to a client support server, they cannot have access to a Development 
box.  Yet, their manager may.  If the netgroups part becomes too cumbersome 
it would scrap the entire project and we'll have to stick with the adduser 
scripts we have right now on each machine.

-- 
---
Shawn

   "Knowing is not enough, we must apply.  Willing is not enough, we must do."
	-Bruce Lee