I'd second Kerberos ... RADIUS and LDAP can handle authentication, but they're not really geared for the same sort of thing (where the authenication service doesn't necessarily trust the server that's doing the authentication).

As for reasons why Perl Monks isn't using it, I couldn't say, but it was discussed a while back in Single Sign-On?

As for my experience w/ remote authentication, it's mostly in LDAP, and I've done a little work w/ RADIUS, but I'm no expert in it. (they're simple, and if you control all of the servers that are doing the authentication, they're fine)