SSO solution and centralized user mgmt for about 10-30 Ubuntu machines?

Solution 1:

Google has led you down the right track. Ideally you want both LDAP for the central user management and Kerberos for its added security and SSO.

LDAP alone will get you centralized user management, but users will still have to re-authenticate with each service they are connecting to. That's where Kerberos comes in, which issues the client a ticket which grants the user access to other services once they've been authenticated.

For Kerberos you'll need a stable synchronized time source. So I would start by setting up NTP, DHCP, and DNS properly. Then configure your client workstations to get their NTP from DHCP. Once you know you have a stable time source you can then set up LDAP and Kerberos servers to provide the necessary directory services to pull it together.
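
A pre-flight check for the time-source requirement above, as an added example that is not part of the original answer: it reads `ntpq -pn` output and flags hosts whose clock is unsynchronized or outside the Kerberos skew tolerance. It assumes the clients run ntpd and that the realm uses the MIT Kerberos default `clockskew` of 300 seconds; the function name, sample outputs and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge from `ntpq -pn` output whether a host's clock is fit
# for Kerberos. Assumes ntpd clients and the MIT Kerberos default clockskew
# of 300 seconds; change MAX_SKEW_S if krb5.conf overrides it.
MAX_SKEW_S=300

# Reads `ntpq -pn` output on stdin. Exit status:
#   0 = a peer is selected and |offset| is within the skew limit
#   1 = a peer is selected but the offset exceeds the limit
#   2 = no peer selected, i.e. the clock is not synchronized at all
kerberos_time_ok() {
    awk -v max_s="$MAX_SKEW_S" '
        /^\*/ {                       # "*" marks the peer ntpd is synced to
            found = 1
            off_ms = $9 + 0           # column 9 = offset in milliseconds
            if (off_ms < 0) off_ms = -off_ms
            if (off_ms / 1000 > max_s) bad = 1
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }'
}

# Constructed sample outputs (RFC 5737 documentation addresses).
HDR='     remote           refid      st t when poll reach   delay   offset  jitter
=============================================================================='
SAMPLE_SYNCED="$HDR
*192.0.2.10      .GPS.            1 u   33   64  377    0.412   -0.087   0.031
+192.0.2.11      192.0.2.10       2 u   40   64  377    0.530    0.142   0.050"
SAMPLE_UNSYNCED="$HDR
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000"
SAMPLE_DRIFTED="$HDR
*192.0.2.10      .GPS.            1 u   12   64    1    0.450 -412000.000 0.040"

report() {
    rc=0
    printf '%s\n' "$2" | kerberos_time_ok || rc=$?
    echo "$1: exit $rc"
}
report synced   "$SAMPLE_SYNCED"
report unsynced "$SAMPLE_UNSYNCED"
report drifted  "$SAMPLE_DRIFTED"
```

On a live client, `ntpq -pn | kerberos_time_ok` performs the same check against the running daemon.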

Solution 2:

I've found the Spinlock guides excellent for this; I've used them to set up an SSO environment with ssh ticket forwarding for a development office of about 30 developers. There are a lot of different components to this and it's somewhat of a bear to manage - you'll want a good LDAP client like Apache's Directory Studio for user maintenance.

If there's an Active Directory somewhere in your enterprise, Likewise (Google for Likewise Open, serverfault won't let me post more than one link) now has an open source version of its SSO solution that might be worth looking at. It also supports ssh ticket forwarding.