Look into Single Sign-On services (SSO) like Authelia, Authentik, or KeyCloak. Most SSO tools do the sorts of things you’re looking for. Some will talk to the native UNIX user store. I do agree with the others, though: if you’re this far along, then it’s time to spin up LDAP and SSO, but this might be the same tool in your case.
This feels like a First Follower problem.
He’s clearly on the right track, but the first steps have a lot of inertia holding them back. Also, is hard to act as a community when we’re looking for those first few leaders to do something on their own that we as individuals can get behind.
We need some frameworks for action. I don’t think we know what that looks like yet.