Fedora considers removing NIS support
Posted Nov 1, 2021 11:45 UTC (Mon) by njh (subscriber, #4425)
In reply to: Fedora considers removing NIS support by tialaramex
Parent article: Fedora considers removing NIS support
Instead of storing valid password hashes in NIS, I used pam_krb5 to do password authentication and TGT fetching from the University's centralised Kerberos infrastructure. So presence of the username in my NIS map was effectively authorisation for the account holder to use workstations in the domain, but I devolved authentication to a Kerberos setup that was already maintained by someone else in the organisation.
When creating a new user account I just matched the newly created username in the NIS passwd map to the already centrally allocated single-sign-on username, and made an NFS home directory. There were no sensitive data or password hashes in the NIS maps, only mappings of "this uid and gids belong with this username", so the fact that anyone on the LAN could get a copy of the information wasn't too problematic, and I had the clients bind to the NIS master and redundant replica servers by server IP address, so things were not trivially disruptable by a rogue or hostile NIS server (in the way that a classic 1980s Sun NIS architecture using broadcasts can be).
It was simple, robust, it meant that users didn't have yet-another-username-and-password to remember, and it got me out of the irksome tasks of validating users and setting/resetting/sunsetting passwords because I was leveraging the fact that someone else in the organisation was already doing those identity management things.
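An added example, not part of the comment above or of any project's code: a small Python audit for the two properties that setup relies on, namely that clients pin NIS servers by IP address rather than discovering them, and that the passwd map carries no password hashes. The sample file contents, addresses and the placeholder set are constructed assumptions.

```python
import ipaddress

# Password-field values treated as "no hash here" (assumed set for this example).
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*"}

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_yp_conf(text):
    """Flag yp.conf lines that do not pin a NIS server by IP address."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        w = raw.split("#", 1)[0].split()
        if not w:
            continue  # blank line or comment
        if w[0] == "ypserver" and len(w) == 2:
            host = w[1]
        elif w[0] == "domain" and len(w) == 4 and w[2] == "server":
            host = w[3]
        elif w == ["broadcast"] or (w[0] == "domain" and w[2:] in (["broadcast"], ["slp"])):
            findings.append((n, "server is discovered at runtime, not pinned"))
            continue
        else:
            findings.append((n, "unrecognised directive"))
            continue
        if not is_ip(host):
            findings.append((n, f"server '{host}' is a name, not an IP address"))
    return findings

def audit_passwd_map(text):
    """Flag passwd-map entries (e.g. `ypcat passwd` output) whose password field is not a placeholder."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "malformed entry"))
        elif fields[1] not in PLACEHOLDERS:
            findings.append((n, f"user '{fields[0]}' has a non-placeholder password field"))
    return findings

# Constructed sample inputs (documentation address range, fake hash).
SAMPLE_YP_CONF = "# constructed sample\ndomain example.test server 192.0.2.10\ndomain example.test server 192.0.2.11\ndomain example.test server nis1.example.test\ndomain example.test broadcast\nypserver 192.0.2.12\n"
SAMPLE_PASSWD = "alice:*:1001:1001:Alice:/home/alice:/bin/bash\nbob:$6$constructedsalt$constructedhash:1002:1002:Bob:/home/bob:/bin/bash\ncarol::1003:1003:Carol:/home/carol:/bin/bash\n"

if __name__ == "__main__":
    for finding in audit_yp_conf(SAMPLE_YP_CONF) + audit_passwd_map(SAMPLE_PASSWD):
        print(finding)
```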
Posted Nov 6, 2021 14:28 UTC (Sat) by nix (subscriber, #2304)