|
|
|
|
|
|
by jcgl
198 days ago
|
|
|
That doesn't seem right to me, assuming you still want the paradigm of one-time principal-to-domain authentication with just-in-time principal-to-resource authentication. While I think you could probably use x509 certs to streamline and modernize the ticket-granting-and-session-key dance, you'd still be doing a lot of the same high-level things. Depending on the use-case, Kerberos (/this imagined x509 Kerberos) or Oauth2 still seems suitable for single-authenticator/multiple-services paradigm. |
|
|