LDAP + Kerberos
LDAP and Kerberos together make for a great combination. Kerberos is used to manage credentials securely (authentication) while LDAP is used for determining criteria about the accounts, such as what they're allowed access to (authorization) and other account metadata. Most other LDAP setups involve in storing passwords in the LDAP directory itself using the userPassword attribute, which is ok for a basic setup, but one can do better with just a little effort.
== Overview == this is a work in progress 1. Kerberos server 1. Kerberos client 1. LDAP Server 1. PAM / NSS 1. Apache