You'll want an LDAP server, a Kerberos server, NTP server, pam_ldap and pam_krb5. You can auth against ldap if you don't want kerberos, but I think krb is a much better solution.

Setting up ldap will be the most pain, Active Directory and Open Directory come with schemas set up, but you'll have to figure out what you want yourself. I believe there are some gui tools for this these days, but last I checked it wasn't much better than 2002.

See, that's the point. I /don't/ want any of that. I want to apt-get install --jfdi ubuntu-directory-server. Then I want to apt-get install ubuntu-managed-client. If I have to figure out what I need, the problem isn't solved. (Personally, I hate LDAP, but it is what it is.) Interestingly, there are blueprints and specs for almost every Ubuntu release in the last 2 years suggesting they should implement this, but there doesn't seem to be any movement. There is a guy working on a bunch of Puppet recipes, and should I end up using LDAP and automating deployment, I will probably end up contributing to this. </rant> Good news though, I did have another look at the eBox website today [1], and it seems they have a potential turn-key-esque answer. (Dagan, Apache Directory Studio looks quite good - I will check it out. Unfortunately it doesn't solve the "which schema do I choose" problem any.) Craig [1] http://www.ebox-platform.com/