Authentication nightmare under Fedora 7

[Timothy Murphy]

I got into a terrible mess yesterday,
when I ran authconfig.gtk on my desktop,
checking the ldap checkbox.

This was one step in the saga of configuring openldap -
possibly the worst-documented program in the history of computing.
I actually have openldap working, but was trying to butter the cake
by installing phpLDAPadmin .
This again seemed to be working, but whatever I tried
I got an authentication error.
Hence the disastrous idea of running authconfig,
which made the desktop seize up, and fail to re-boot,
hanging at "Starting system message bus".
I won't go into the subsequent torture,
but it ended when I used Knoppix
to delete all mention of ldap in /etc/nsswitch.conf .

This led me to ponder authentication in Fedora.
Is it really the complete shambles it seems to me to be?
Are there several rival authentication methods:
SASL, SSL, TLS, etc?
How does one tell which to use?
Is all this documented anywhere?
I seem to have *.pem files all over the place.
And how does all this fit in with /etc/pam.d/ ?
And what does /etc/nsswitch.conf have to do with it?

Is authentication under Fedora utterly confusing,
or have I got hold of the wrong end of the stick?