[CentOS] How insecure is NIS ? Possible alternatives ?

Mon Mar 26 09:07:37 UTC 2018
rainer at ultra-secure.de <rainer at ultra-secure.de>

Am 2018-03-26 10:46, schrieb Clint Dilks:

> Hi, as you why it is insecure the biggest reason is that it is trivial 
> for
> a user to get sensitive information about other users.  Particularly 
> things
> like password hashes, and with the compute power available today 
> cracking a
> hash is not impractical.

You don't even need to crack them yourself.
If you have the hashes, you can just use rainbow-tables available 
online, sometimes for a small fee.

Still relying on NIS is barely different from not having a password at 
all and just using a login.
In both cases, you have to trust your users - it's no different.