> It's like all of these password manager tools were created by people who've never seen nor used these existing solutions.
Maybe, but it sounds like your comment was written from a place where you've never had to actually implement one of those existing solutions.
Kerberos is great. It's also a holy terror to implement properly, especially cross-platform, and especially if you need to federate identity.
I've been down that path. While there are trade-offs with any decision, I wholly understand why so many organizations are going to solutions like Okta/Auth0 + Duo + password managers vs the "tried and true" methods of a directory server + Kerberos + SAML federation through Shibboleth
SCIM combined with modern cloud SSO makes life much easier than trying to support Kerberos.
Maybe, but it sounds like your comment was written from a place where you've never had to actually implement one of those existing solutions.
Kerberos is great. It's also a holy terror to implement properly, especially cross-platform, and especially if you need to federate identity.
I've been down that path. While there are trade-offs with any decision, I wholly understand why so many organizations are going to solutions like Okta/Auth0 + Duo + password managers vs the "tried and true" methods of a directory server + Kerberos + SAML federation through Shibboleth
SCIM combined with modern cloud SSO makes life much easier than trying to support Kerberos.