@danderson @pid_eins if later systemd is not enough sssd has provided this service with proper caching for almost 15 years.
It was built specifically for 3 reasons: consistent caching, remove unwanted libraries from binaries, allow centally controlled private credentials.
Because it predates systemd it has its own protcol but also a fast, mmaped shared cache that avoid process context switching when not needed.
(full disclosure I am the original author).