In this situation, /etc/shadow may be sufficient. Most distributions by default use /etc/shadow for authentication purposes. Note that with this method, the passwords of a user on different machines are independent. As a result, a user needs to either track different passwords used on different hosts, or remember to update all hosts to use the same password. In either case, it can lead to some confusion, and certainly is not an ideal solution.
By small, I mean countable with one (human) hand. This applies to most home networks.