I've been playing with Apple's Xgrid a bit lately and was hoping to find a means of using multiple agents, running tasks as an authenticated user, without having to run OS X Server on the controller.
The only way to do this is via the single-sign-on authentication option for both Xgrid controllers and agents, implemented via Kerberos in conjunction with the following packages:
OpenDirectory
DirectoryService
OpenLDAP
(some opensource available via http://www.opensource.apple.com/release/mac-os-x-1062/ )
I'm a bit rusty on Kerberos. Before I go down that route, or build a VM running Linux + OpenLDAP + KDC, has anyone successfully gotten SSO to work without OS X Server?
I'm sure you could hack it somehow, but it's probably not worth the effort. OpenDirectory is dead simple to configure and will work with everything Mac out of the box. You can buy a Mac Mini with Snow Leopard Server for $999 and be up and running within an hour.
If you're really strapped for cash, then you should go the Kerberos + LDAP route with a Linux server. It should work just as well, but you will lose some OpenDirectory features such as client management. A limited number of services work with PAM, but most do not use it and authenticate against a directory (read: Kerberos) directly.
Pretty much everything in the Mac ecosystem relies on Kerberos for SSO, so you should get familiar with it. I recommend Kerberos: The Definitive Guide for an overview of the concepts.