No MobileMe or dotmac required!
I thought of a solution for manual sync last week: One keychain per Mac. Say I have 3 systems: work, home, and other. Each system has 3 Apple keychains: work.keychain, home.keychain, and other.keychain, with each host using its own as the default. Then I can rsync work.keychain to home.keychain & other.keychain, etc. This is awkward with rsync because it’s inherently unidirectional, but keychains are small so it’s quite feasible to script.
In Tiger, I know the keychain is actually stored in memory once it’s unlocked, so it’s good to lock (unload) all keychains with “security lock-keychain -a” before updating the files — this goes in the same script.