This tutorial, Restful Authentication with all the bells and whistles, uses Rails 2.0.2 and accommodates user account activation, changing passwords, forgotten passwords, enabling/disabling users, roles and OpenID.
It has advantages over the Caboose Sample rails application because it is accompanied by extensive community discussion, which serves as documentation. It is also more full-featured and up-to-date.
It’s missing any testing (no Test::Unit or rspec). Otherwise, it could be a good starting point for a Rails example app.
UPDATE: Rails has advanced since this discussion was relevant. As of February 2010, Rails is currently at version 2.3.5 (and Rails 3 is in beta). Several Rails gems are now available that provide a turnkey authentication solution, including Authlogic, Devise, and Clearance. You can also look at Technoweenie’s restful-authentication generator. The Ruby Toolbox page for Rails Authentication shows which are most popular. I personally recommend Devise and the Devise Example Application.