If you would "like to be able to leave as much as possible of the authentication to the OS" and your OS supports it, I would suggest using Authen::PAM. PAM provides the most flexibility for the local adminstrator ranging from just crypt, to Kerberos or something.

Also read Lincoln Steins' book for more information on setuid in network servers.