I feel this is one of the weaknesses of the Linux/Unix ecosystem. The freeipa/sssd/nss/pam/krb/ldap/dns (+keycloak/samba/...) etc. stack is just incredibly byzantine. I'm sure it is technically very capable in the right hands, but to me it feels like an intractable mountain of things, and worst of all the failure modes are pretty bad; you can accidentally leave security holes or alternatively lock yourself out.
Yes. And Microsoft Active Directory has integrated this stack with an easy to use graphical interface for almost 30 years now.
It's also a ton of security-sensitive code that parses untrusted data in a memory-unsafe language.