Kerberos should be used in this case. Kerberos is arguably the most secure open source implementation of authentication. However, in order for Kerberos to work (as intended), A host must be dedicated as the Kerberos server, and be protected from unauthorized physical or remote access.
Kerberos supports “slave servers” that can be used to back up the main (master) server. If redundancy and reliability is important, then at least one slave server should be set up. The security requirements of the slave server is the same as that of the master server.
Once Kerberos is used in a network, it can be used to authenticate practically anything. However, in order to use Kerberos for FTP, SSH and etc, PAM should be installed and configured correctly.