Yes, I would be concerned that authentication will break. IIS 4 on NT used built-in custom authentication that was based upon the underlying NT box's logins, and I doubt that has changed.

Apache, on the other hand, does not use custom authentication unless you compile it in with special modules. Big difference.

Update: Rewritten to focus on the authentication problem, which I view as the most serious one.