Before you get bound to an inflexible file based configuration mechanism, have you considered using something like LDAP? In the long run, that offers far more flexibility and will scale very well.