I have three machines in a VCS 1.3 cluster.
A relatively small number of users log in and currently these are handled
by entries in /etc/passwd as I do not have a centralised authentication server
(which is of course an option).

I am now required to implement password expiry after 30 days but have the
issue that a user may change their password on machine number 1, but if their
application fails over to machine number 2, their password will still be
the old one.

If I don't want to get a centralised server, is there a recommended way that
the 3 machines can keep their authentication tables in sync?
One method I thought of is NIS+ server running on one machine and having
NIS+ client on the other machines, but how do I handle failover if the server
machine has a problem? Is there a VCS agent for NIS+?

If anyone has got any simple suggestions that don't require me purchasing
new machines to set up a centralised security server I would be very grateful.