UNIX Unified Authorization and Authentication
Good night all.
Actually, the subject line is the question. There are a fairly large number of *NIX servers, and I would like to somehow centralize authorization and authentication on them, to make user management easier and to provide more or less security. Right now everything is set up in the standard way: each server has its own separate users and different passwords.
The questions are: which of the existing methods can be used, who uses what already?
And secondly, will there be any real benefit and what is the profitability of this idea?
Thank you in advance.
See the list of modules at www.linux-pam.org/modules.html
Any of the modules that read data from the network can be used for centralized access checking.
For example, we used pam_radius + ActiveDirectory + IAS.
Well, the answer has been given: use a directory. But I want to warn you right away: firstly, there are no decent up-to-date manuals, and secondly, with OpenLDAP you will have to invent everything from scratch: your own directory structure and the like. To make the process easier, take 389: more of it comes "ready-made".
And before setting it up on a live system, run a virtual network of four to seven machines, debug the approach and learn how to use it (and teach others at the same time); otherwise it can be excruciatingly painful. If you take up OpenLDAP, I guarantee that you will redo everything in the virtual network a couple of times before you arrive at a convenient approach.
If you want to do everything so that you can get hurt, then integrate the system with Kerberos right away. This will give you SSO for free, and at the same time will allow you to increase the security of network authentication (of course, only with the right approach; passwords like 123 will not become more secure).
Let me take this opportunity to ask: what happens if the LDAP server is unavailable? Will I be able to log into any server in that case?
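An added example, not part of any reply in this thread: a small Python check that simulates a PAM `auth` stack using a network module such as the pam_radius mentioned above, and reports whether a login with a valid local password still succeeds when the central server is unreachable. The module sets, function names and the two sample stacks are constructed for illustration; only the keyword controls (`required`, `requisite`, `sufficient`, `optional`) are modelled.

```python
import os

# Module sets are assumptions for this sketch, not an exhaustive list.
NETWORK = {"pam_radius_auth.so", "pam_ldap.so", "pam_sss.so", "pam_krb5.so"}
LOCAL = {"pam_unix.so"}

def parse_auth_stack(text):
    """Return [(control, module)] for the auth lines of a PAM service file."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue
        if fields[1].startswith("["):
            raise ValueError("bracketed controls are not modelled here")
        entries.append((fields[1], os.path.basename(fields[2])))
    return entries

def login_succeeds(entries, network_up):
    """Simulate keyword controls for a user with valid local and directory passwords."""
    required_failed = passed = False
    for control, module in entries:
        if module in NETWORK:
            ok = network_up          # unreachable server => module fails
        elif module in LOCAL:
            ok = True
        elif module == "pam_deny.so":
            ok = False
        else:
            continue  # e.g. pam_env.so: treated as not deciding the outcome
        if ok and control == "sufficient" and not required_failed:
            return True              # sufficient success ends the stack
        if ok and control in ("required", "requisite"):
            passed = True
        if not ok and control == "requisite":
            return False             # requisite failure ends the stack
        if not ok and control == "required":
            required_failed = True   # stack continues but cannot succeed
    return passed and not required_failed

# Constructed sample stacks (e.g. /etc/pam.d/sshd), not taken from the thread.
FRAGILE = """
auth required   pam_env.so
auth required   pam_radius_auth.so
auth required   pam_unix.so try_first_pass
"""
RESILIENT = FRAGILE.replace("required   pam_radius", "sufficient pam_radius")

if __name__ == "__main__":
    for name, text in (("fragile", FRAGILE), ("resilient", RESILIENT)):
        stack = parse_auth_stack(text)
        print(name, "server up:", login_succeeds(stack, True),
              "server down:", login_succeeds(stack, False))
```

With the network module marked `sufficient`, its failure is ignored and `pam_unix.so` decides the login, so the local accounts that remain on each server become the outage fallback and need strong passwords of their own.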