I've been thinking the same thing... all of this has been done before, and will be done again. With LDAP and Kerberos, many of these workflows were possible decades ago. But having servers connected to a centralized auth infrastructure wasn't popular (probably due to automated setups). And if you wanted TLS, you might even be working with an in-house CA with LDAPS (that's how I did it).
Now we're swinging back to recognizing the benefits to some level of centralization in authentication.
From a historical point of view, this all seems very familiar.
"I've long ago made up a corollary to Greenspun's tenth rule; any
sufficiently complex or mature access regime will re-implement half of
kerberos, poorly." -- cduzz, https://news.ycombinator.com/item?id=30798057