Learning your authN-Zs



How I learned to stop worrying and love Kerberos and LDAP


Maybe you think OpenID is the New Hotness, or that OAuth invented the concept of delegated access to protected resources. Maybe you finally figured out how to push your public SSH key onto a server so you can log in without using a password, and you think you’ve found the latest-and-greatest in secure, convenient remote systems access.

Here’s the thing: the old-skool UNIX crowd had single sign-on, secure access delegation, and ways to selectively share account information across multiple machines and networks all worked out 15 years ago. Heck, even Microsoft figured it out before you did.

The secret to all this wizardry? Two simple, orthogonal technologies which taste great together: Kerberos and LDAP. Before you run off and reinvent the wheel (badly), or cook up some form of (broken) one-off credential storage mechanism, you should know about these tools, why they’re probably better than anything you’ve dreamed up, and how they not only work with web applications, but in fact make them more secure, easier to maintain, and just plain better.

Speaking experience