I spent a bit of the weekend working on what could be an MIT specific plugin for Drupal. I began playing around with a few different modules with limited success:
http://drupal.org/project/certificatelogin
http://drupal.org/project/ldap_integration
http://drupal.org/project/pam_auth
PAM works great, but the other two I were less impressive. I was hoping for a bit more of a seamless login than the certificate login module offered, and I have yet to get the LDAP module to actually work. I finally decided to scrap this plan and instead chew up and spit out certain bits of each module to create a plug-and-play MIT module which (assuming the server has kerberized PAM, and properly configured certificates) would do the following:
Certificate/Kerberos based login and account creation
Automatic synchronization between Drupal roles and MIT AFS groups via the LDAP server.
Comments
My team can help with authentication
We have already done Touchstone (shibboleth) authentication setup for Drupal 6. I can get you instructions. ldap.mit.edu doesn't do what you want yet but some people here in department are working on an LDAP service upgrade. I assume my team will be called upon test the Drupal LDAP plugin integration when the timing is right.