Bakery and Moodle 2.x

This looks like a job for (horns) LDAP!

And you're in luck because the ldap integration module for D7 has a release: http://drupal.org/project/ldap

I'm not familiar enough with moodle or those protocols to say. Were I in your shoes I would test all three approaches (CAS, Shibboleth, pubcookie) in virtual machines and see which one provides me with the best integration. At first glance I really liked Shibboleth's distributed model.

We generally use LDAP to provide this sort of service, because it allows us to easily integrate with shell environments and workstation logins as well, and LDAP groups provide a good access control model on those ends. Because LDAP is an established protocol, it has broad support for many different authentication situations. But it is centralized.

While we are looking at options, how about good old openId?

Bakery's main goal is single sign-on, and does almost the minimum of data synchronization. It doesn't make a good tool for Drupal to non-Drupal data sync, like account replication.

http://docs.moodle.org/20/en/Integration_FAQ might give you some pointers. However, a lot of the modules are still for Moodle 1.9 and/or Drupal 6 I suppose.

hth
Frank

Frank Ralf had post update for Drupal 7 & Moodle at http://drupal.org/node/1058838