
Welcome to IWETHEY!

Single-sign on ideas?
Hey gang, coulda put this in other forums, but it *is* an authentication issue at heart.

I need ideas. We're moving my office/datacenter tomorrow, and at or near the same time we decided to put the IIS webserver and Exchange mail server outside the local LAN, into almost a DMZ between the LAN and the DSL lines. This would, of course, necessitate the breakage of NT notworking across the LAN. See the tears. All NT4 servers and Win9x clients, btw.

I don't mind keeping user accounts on the IIS webserver for now. We're using a server certificate for SSL prior to the name/password pair, so users still have an extra mouse-click to accept their saved password. No biggie. But Exchange has no such "save password" features for remote access. So users would have to re-enter their name, password, and domain every time they opened Outlook. Some users are not trainable to leave Outlook running, believe me.

I will NOT allow NetBIOS through any firewall I own, ever. I'm looking for some kind of (preferably Kerberos-style) authentication system that will interoperate with IIS and Exchange. Can I trust the Windows Kerberos (doubtful)? What I'd love is a UNIX authentication server, in essence, but don't know where to start looking for Win integration. :(

If it would help, we're planning to move the servers to Win2000 soon to support our upcoming accounting package.

Any ideas?
---------------------------------
Many fears are born of stupidity and ignorance -
Which you should be feeding with rumour and generalisation.
BOfH, 2002 "Episode" 10
Forgot to mention:
I tried mapping client certificates to user accounts with IIS, which worked and gave me access, but then broke CGI apps because the environ variables AUTH_USER, etc., showed garbage rather than logged-on user names. If this is fixed in Win2000 this might be the best bet?