If I understand the problem correct, systemd changed the setup to block access to the network for several services used during login, and this break any NSS module fetching information from a network service, like the NIS one. If so, this problem will affect others, like libnss-ldap and libnss-mdns, and is not NIS specific. It will not affect NSS modules with a separate daemon connecting to the network service, like libnss-ldapd and libnss-sss.
The recommondation to use the Name Service Cache Daemon (nscd) will cause new and interesting problems with NIS, and is perhaps not the best way to solve this. The NSCD cache some times will end up in an inconsistent state, and might cause users to log in with an incomplete set of groups, if I recall the problem correctly. It seem safer to not block all network connections when some of the "network enabled" NSS modules are active. -- Happy hacking Petter Reinholdtsen
