> Thanks for the reply Paul.
> By the sounds of it, it's just NIS+ by a different name

Yes and no. It's quite different from NIS+. NIS+ is proprietary and
deprecated. LDAP is a full blown distributed database system suitable for
data that changes infrequently.

But yes, it can store the same kind of information as NIS+, there are also
popular tools to use it for the same purposes as NIS+.

LDAP traffic may be encrypted with SSL/TLS: in this case, the LDAP server
has a SSL certificate.

NIS+ is also an authentication system which LDAP is not.

LDAP relies on some external authentication method.
I.E. You may utilize LDAP to serve your user data, and Kerberos 5 to
perform the authentication.

Perhaps just include the ordinary crypt hash using the "userPassword"
attribute; but this may not be a best practice (if you allow every
machine on your network to see every user's password hash)



Maybe you include a public key in your LDAP database, and rely
on each local host to perform some sort of authentication based on the
public key.


I.E. Perhaps you have a SSH server capable of the "public key
authentication feature" and able to perform a LDAP query for the user's
public key, instead of looking for a ~user/.ssh/authorized_keys file.


And a SUDO daemon capable of querying LDAP to determine if user X is
allowed to become root on _this_ system.


For local console login, you may need something different
(you need to be able to login to troubleshoot, perhaps if the network
connection is dead.)

--
-Mysid