project2501a 4 hours ago

Where do I find money to fund my rewrite of Kerberos 5 in Rust, removing the dumb options and Kerberos 4 compatibility and eventually create Kerberos 6 + AD that will solve a metric buttload of issues in Linux and knock a major peg of MS off?

lokar 2 hours ago

Kerberos solves the problem that doing public key authentication is slow on an i386.

project2501a 42 minutes ago

kerberos solves the problem that you can have short one time tokens using your password.

Add public key infrastructure support, make ldap the default store and you got AD. Even better, you can throw all the OAuth crap down the drain.

now, starting services with a password becomes an issue of booting the machine.

lokar 22 minutes ago

No one would build KRB4/5 today, it makes no sense. Its only advantage over an X.509 cert based system is speed on really really slow CPUs.

mr_mitm 2 hours ago

Memory safety or type safety are the least of Kerberos' issues. The protocol itself is fundamentally flawed.

nightfly an hour ago

What issues on Linux would this actually solve?

project2501a 35 minutes ago

simplify gssapi, for one. single authentication and authorization: submit on slurm? ask kerberos + ldap. can i upload to this service? ask kerberos + ldap. Policies applied on this computer? ask kerberos + ldap.

I may be a bit naive, I'll accept that, but I really like how AD works (which is essentially kerberos + ldap).

cyberax 3 hours ago

Ask IBM/RedHat. They did a lot of foundational work with SSSD (aka "too many 'S' D").

Kerberos is not a great protocol, though.

project2501a 44 minutes ago

sssd is a dogpile of dogcrap. I have 15 tickets on github about fixing their manpages.

and you really need to read the kerberos book before picking up sssd.

kakacik 3 hours ago

> Kerberos is not a great protocol

Understatement of the week

NuclearPM 4 hours ago

Did you respond to the wrong comment?