What are the flaws of NIS directory server?


Our local school has been running a bone-headed centralized authentication setup using NIS and NFS since 2010 (on CentOS 5.x, 6.x, 7.x and now Rocky Linux 8.7).

NIS is very easy to set up and it’s one of the things that JustWorks™. I understand it’s been officially deprecated and is not included in RHEL 9.x.

Does someone have an informed opinion on why NIS is deprecated in terms of flaws and/or security considerations? I bluntly admit I’ve grown to like it.




NIS is rather insecure by today's standards. It has no host authentication mechanisms and passes all of its information over the network unencrypted, including password hashes. As a result, extreme care must be taken to set up a network that uses NIS. Further complicating the situation, the default configuration of NIS is inherently insecure.
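
The point above about password hashes travelling with the map can be checked on your own domain. This is an added example, not part of the original thread: it classifies the password field of passwd-map lines (for instance the output of `ypcat passwd`) and reports which accounts expose a hash; the sample lines, hashes and function names are constructed for illustration.

```python
import re
import sys

# crypt(3) identifiers that can appear in the password field of a passwd map.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional 13-character DES crypt

# Constructed sample map lines; the salts and hashes are placeholders, not real.
SAMPLE_MAP = """\
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:abCONSTRUCTED:1003:1003:Carol:/home/carol:/bin/bash
dave:!!:1004:1004:Dave:/home/dave:/bin/bash
erin:!$1$CONSTRUCTED$CONSTRUCTEDHASH:1005:1005:Erin:/home/erin:/bin/bash
frank::1006:1006:Frank:/home/frank:/bin/bash
"""

def classify(field):
    # Return (exposed, description) for one passwd-map password field.
    if field == "":
        return True, "empty password field"
    if field == "x":
        return False, "shadowed (hash not in this map)"
    body = field.lstrip("!*")  # a lock prefix does not hide the hash behind it
    locked = " (locked)" if body != field else ""
    if not body:
        return False, "locked, no hash"
    m = re.match(r"^\$([0-9a-z]+)\$", body)
    if m:
        return True, SCHEMES.get(m.group(1), "unknown crypt id " + m.group(1)) + locked
    if DES_RE.match(body):
        return True, "descrypt" + locked
    return False, "unrecognised value"

def audit(map_text):
    # Return [(user, description)] for every entry that exposes a hash or has none.
    findings = []
    for line in map_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7:  # skip blank or malformed lines
            continue
        exposed, desc = classify(parts[1])
        if exposed:
            findings.append((parts[0], desc))
    return findings

if __name__ == "__main__":
    for user, desc in audit(SAMPLE_MAP if sys.stdin.isatty() else sys.stdin.read()):
        print(f"{user}: {desc}")
```

Piping `ypcat passwd` into the script audits the live map instead of the sample; every account it lists has its hash (or lack of one) readable by anything that can see that NIS traffic.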

