Peer-to-Peer strong authentication

Hi,

My questions for the group are:

1) what is the overhead of doing strong authentication between
peer-to-peer processes in an IBM mainframe, and IBM UNIX environment,
5% 10%, 15%? Are there any hardware solutions, that could take over
the load?

2) This is an LDAP environment. An assumption is that LDAP is better,
stronger, more secure than active directory etc. Is there some reason
that Kerberous isn't compatable with LDAP? Does LDAP have it's own
strong authentication element that removes the need for Kerberous?

Is it possible to create a VPN tunnel using LDAP alone, or do you need
SSH or some other tool for this? Can you do single signon with SSH, or
does this cause overhead for each process to process virtual circuit?

I think I know the answers to some of these, but I'm trying to get all
the info I can. Any other ideas on how to reduce the overhead load of
doing strong authentication?

Thanks, Rhino