Look into Single Sign-On services (SSO) like Authelia, Authentik, or KeyCloak. Most SSO tools do the sorts of things you’re looking for. Some will talk to the native UNIX user store. I do agree with the others, though: if you’re this far along, then it’s time to spin up LDAP and SSO, but this might be the same tool in your case.
Any suggestions for a DNS service that specifically allows subzones, also called subdomains and delegation of those subzones.
I’m currently using CloudFlare and NameCheap. It doesn’t look like NameCheap doesn’t support subzones at all, and CloudFlare only supports them at the enterprise level.
Look into Single Sign-On services (SSO) like Authelia, Authentik, or KeyCloak. Most SSO tools do the sorts of things you’re looking for. Some will talk to the native UNIX user store. I do agree with the others, though: if you’re this far along, then it’s time to spin up LDAP and SSO, but this might be the same tool in your case.