I have some systems which currently use Likewise Open to integrate into an AD environment, but this creates UIDs/GIDs which are not compatible with the Unix UIDs/GIDs which some other systems use.
One suggestion has been to use the central AD as an LDAP and Kerberos server, and to have local information on the users and groups (with the correct UIDs/GIDs) shared out with NIS.
Since the NIS server would then not be giving out any password hashes, would this still be terribly insecure?
(I understand that NIS doesn't do host authentication, and the information travels over the wire unencrypted, but since this information is essentially public within this network I don't see those as problems in this case)