From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Sun, 2 Sep 2018 16:22:14 -0700 From: Kurt H Maier To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-ID: <20180902232214.GA66313@wopr> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [9fans] 9P or better file services for multiple platforms Topicbox-Message-UUID: e0932e26-ead9-11e9-9d60-3106f5b1d025 On Sun, Sep 02, 2018 at 08:09:55PM +0200, Lucio De Re wrote: > On 9/2/18, Skip Tavakkolian wrote: > > > > Regarding authentication and access control, I think the only *standard* > > option for a mixed OS environment (Plan 9, Linux/*BSD, Windows) is > > Kerberos. > > > Is that still actively used (I mean, outside of Microsoft's attempted > hi-jacking)? In my Linux-prone wider environment, the name is never > uttered. Yes, it's extremely common in many business and government environments. All of linux's weird-ass authentication systems are poorly-reinvented kerberos implementations, with the primary limitations and pain points directly stemming from unix tropes. Generally someone comes up with a bad idea, everyone adopts it, and then that bad idea slowly evolves as closely as it can to being kerberos. Most commonly, someone will mandate two-factor authentication, and kerberos tickets (usually via GSSAPI) are the back-end, regardless of which security tokens (RSA SecurID, smart cards, yubikeys, etc) are chosen. khm