Comment by baq

Comment by baq 5 days ago

the fact that we have to keep reinventing kerberos all the time because it doesn't speak http is starting to legitimately annoy me.

rlkf 5 days ago

Firefox can be configured to use Kerberos for authentication (search for "Configuring Firefox to use Kerberos for SSO"); on Windows, Chrome is supposed to do so too by adding the domain as an intranet zone.

Reply View 0 replies

j16sdiz 5 days ago

HTTP auth can work with kerberos.

Chrome, Firefox, Internet Explorer -- all support some form of kerberos auth in HTTP/HTTPS.

Reply View 2 replies

baq 5 days ago

I mean, I'm aware of SPNEGO etc. It's just that it was... ignored(?) by the startups/the community/google? Whatever little support there is is comparatively a worse experience than what we've got now for no really good reason.

Reply View | 1 reply
- mschuster91 5 days ago
  
  Kerberos is old neckbeard tech, highly complex to set up, with layers upon layers of legacy garbage. Trying to get it working is ... a nightmare, I prefer even the garbagefest that is Keycloak over dealing with Kerberos. At least that just requires somewhat working DNS and doesn't barf when encountering VPNs, split horizon DNS or split tunnels.
  The only places I've seen a working Kerberos setup outside of homelabs is universities (who can just throw endless amounts of free student labor power onto solving any IT problem) and large governments and international megacorps.
  
  Reply View | 0 replies