On 11/5/2018 2:32 PM, Grant Taylor via TUHS wrote:

NIS+ was encrypted over the network, and needed a public key mechanism to authenticate clients. One of which was the server itself. With it's hierarchical architecture, it had a lot of flexibility.

The encryption would thwart snooping. But it doesn't sound like that would prevent a properly authenticated client from ypcating too much information.

Unless someone already replied and I didn't read it yet:

NIS/YP is different than NIS+. NIS/YP is the old protocol. You could basically bind to any server with the correct domain name, and look at all the maps including passwd with it's encrypted passwords.

NIS+ is the hierarchical, encrypted, clients-need-keys, protocol.

Almost two entirely different things. And "almost" is more like 99.99999999999999999% different :)

ak