Central authentication for Windows, Linux, Google Apps, Web Apps

I am wondering if some authentication can be used to authenticate logins in Windows, Linux, Google Apps and Apache hosted web applications.

Ideally, I would love the authentication to have these features:

1. The authentication provider should be replicated, maybe one mirror exists online for external applications while an internal mirror is used for intranet/PC logins.

2. The authentication service should not be hosted on Google Apps or any other service, it should be under my full control.

3. Fault-tolerant, those mirrors can be specified in some order, if one fails, the next is tried.

I have done a lot of research, it seems Kerberos fits my needs. It seems that a lot of work has to be done.. especially for Google Apps, an SAML authentication service must be written.

I am wondering if there is an easy way, or if Kerberos is really what I am looking for.

RADIUS is another protocol choice. Plenty of providers available.

Just so you understand, what you are asking for is non-trivial, and unless you understand this space well (and I'm guessing you don't seeing as you're asking...), you almost certainly are underestimating the cost and the effort.

Kerberos is a large and complex specification, and getting effective interoperability across systems will cost you $$$$.