NIS/Kerberos Centralized Authentication
Kerberos provides strong authentication mechanism, but doesn't store user account data.
NIS stores user account data, such as UID, GID, home directory, and
login shell, but doesn't contain password hashes for security reasons.
Pluggable Authentication Module (PAM) is configurable for services that require authentication, for example, login.
If a user provides valid credentials, PAM (pam_krb5) obtains the TGT from KDC, decrypts the Client/TGS session key, caches TGT, and allows the user to login.