Michael W. Lucas has put together a script for pulling a user’s authorized_keys file for SSH out of LDAP.  It’s a very good idea, though he hints pretty clearly that he could use feedback/feedback – there’s already some in the comments.

Updates: from discussion in IRC about this sort of distributed authentication (maybe ‘authentication distribution’ is a better phrase): Tools like puppet or FreeIPA may also be useful.  From seeing other conversations about this, it looks like there’s a lot of solutions to pick from, of varying difficulty, and none canonical.  That’s both good and bad.