NIS+ solves most of the above problems mentioned, as for weak passwords, they can't be avoided, some sales droid is always going to use something stupid like "password" which can be brute forced. With that said LDAP is still the way to go ! It is much more versatile and is truly multi use. Your dir can be integrated into a windows AD as well as be a mail/contact dir, and server to auth and provided resource locations to your *NIX boxen.
A note though, setting up LDAP/Kerb is not for the faint of heart, im not saying you can't do it just give your self some time. Bellow are some links I picked up allong the way.