On Sun, Sep 02, 2018 at 08:09:55PM +0200, Lucio De Re wrote: > On 9/2/18, Skip Tavakkolian <skip.tavakkol...@gmail.com> wrote: > > > > Regarding authentication and access control, I think the only *standard* > > option for a mixed OS environment (Plan 9, Linux/*BSD, Windows) is > > Kerberos. > > > Is that still actively used (I mean, outside of Microsoft's attempted > hi-jacking)? In my Linux-prone wider environment, the name is never > uttered.
Yes, it's extremely common in many business and government environments. All of linux's weird-ass authentication systems are poorly-reinvented kerberos implementations, with the primary limitations and pain points directly stemming from unix tropes. Generally someone comes up with a bad idea, everyone adopts it, and then that bad idea slowly evolves as closely as it can to being kerberos. Most commonly, someone will mandate two-factor authentication, and kerberos tickets (usually via GSSAPI) are the back-end, regardless of which security tokens (RSA SecurID, smart cards, yubikeys, etc) are chosen. khm
