I just set up NIS+ on two machines and created some accounts.When I do niscat passwd.org_dir and see the contents on my system I see the encrypted passwords of all the users.I did this as an ordinary user not as root. Is this secure? What if some body runs crack on the encrypted passwords and find the real ones? Please explain me how NIS+ is more secure than NIS. Thanks.

I'm not really up on NIS+ but to get around this problem I guess you could change the permissions on the niscat command to only allow root usage. I can't see that it would cause too much of a problem. For people to run a crack, you'd need to have a compiler on the machine. I guess they could try to run it on a pc with the copied contents of the file, but that would only generate possible matches and they'd have to manually check. I'm not sure of the encryption algorithm on the passwords but I'd assume it's MD5 or similar, in which case it'd take forever to crack.

NIS+ is more secure than NIS because of the way it handles user credentials. Unlike NIS if you just connect a new machine and configure it to be a client, knowing the root of that machine you'll be able to see everything on the NIS network. On the NIS if you do this scenario, you'll be the root of the local machine itself. You won't be able to see the NIS+ network hosts. hth.