I've been offlist for years, and hopping back on for various reasons,
I see a thread that I'd like to add to. There's an old thread on NIS
use in Centrify that I'd like to add some comments to. I'm still
forced to work with NIS for various reasons, including interaction
with heavy duty NAS's that require it for NFSv4.
I have been busy falling in serious love with Centrify
(www.centrify.com) for this. For an environment that already has an
extensive Active Directory investment, it's a way to save weeks or
months of expensive engineering time and get on with your job. It's a
commercial toolkit, reasonably open source friendly and with free
components for home users. It provides a very good plug-and-play
solution to merging Linux and UNIX authentication, including NIS
support, to an Active Directory back end. They basically do what I'd
do if I had the time, including workable GUI's and error reporting.
You get genuine single-sign-on, commercially supported Putty for your
Windows clients, Kerberos password handling, commercially supported
OpenSSH 5.x with GSSAPI, good support for multiple "zones" that have
different sets of authorized users, scriptable toolkits for adding or
adding machines to the relevant zones, etc., etc. It works well with
CentOS 5.x, and saves me the work of having to manually compile my own
OpenSSH to get GSSAPI support.
And the NIS plugin works *very* well and saves weeks of work building
your own solution with the limited and out of date components in
CentOS or RHEL 5. It "Just Works(tm)".
CentOS mailing list