Central authentication and /home storage with caching

Solution 1:

LDAP is appropriate for this setup.

Cached Authentication

SSSD is an alternative to pam-ldap and nss-ldap that caches passwords for offline use. It doesn't do anything with autofs maps stored in LDAP though. If you have just one file server with all of the home directories, you can use an autofs wildcard map and not worry about it.

Cached Home Directories

There is not really a turnkey solution for this on Linux like there is for OS X. The strategy is to mount the NFS home directory when on the network and use rsync to periodically synchronize the home directories.

TsumuFS looks like a promising turnkey solution, but I don't know how stable it is.

Trust Management

In Ubuntu, there is a sudo-ldap package that will let you put your sudo configuration in LDAP. Nothing caches this, so you will be better off distributing your sudoers file with a configuration management system.
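
A sketch of the SSSD side of the answer above, added here as an example and not taken from the original post: an LDAP domain with credential caching enabled and the offline cache bounded, since a cached password hash on a laptop is exactly what makes offline login possible and what an attacker with the disk would go after. The domain name, server, base DN, CA path and all numeric limits are assumptions.

```ini
# /etc/sssd/sssd.conf -- keep it owned by root with mode 0600
# Constructed example: names, paths and limits below are placeholders.

[sssd]
config_file_version = 2
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com

# Require a valid server certificate so credentials are only ever
# sent to the real directory over an encrypted channel.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

# After a successful online login, keep a hash of the password locally
# so the user can log in while the LDAP server is unreachable.
cache_credentials = True

# Days a cached account is kept after its last successful login
# (must be >= offline_credentials_expiration; 0 keeps it forever).
account_cache_expiration = 14

[pam]
# Days since the last online login during which cached (offline)
# logins are still accepted. The default of 0 means no limit.
offline_credentials_expiration = 7

# Limit password guessing against the cache while offline:
# allowed failed attempts, then minutes to wait before another try.
offline_failed_login_attempts = 3
offline_failed_login_delay = 5
```

With the default values, cached logins never expire and offline attempts are unlimited, so the `[pam]` limits are the part worth setting deliberately on machines that leave the network.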

Solution 2:

Instead of relying on centralized authentication (which generally also assumes a persistent connection), you might use something like Puppet to replicate a set of users, passwords, etc. to each managed host. Such an approach could allow disconnected operation, could distribute shadow password files, sudoers files, SSH public keys, and any network mount definitions ... or really any configuration/data you wish to share.

Might even incorporate something like Git as a means to sync files in a disconnected manner.

My own personal experiences with LDAP, Kerberos, centralized 'profile' storage, and roaming home directories have been painstaking, error-prone, and time-consuming. While it is theoretically possible to accomplish most of these requirements via these components, their practice is much more complex than might be worth managing on a home network. I completely agree with @mattdm.