Post AXZrkfvrC162dNSiLA by mjg59@nondeterministic.computer
 (DIR) More posts by mjg59@nondeterministic.computer
 (DIR) Post #AXZrVK5s6bRgYkpGmO by mjg59@nondeterministic.computer
       2023-07-11T07:15:06Z
       
       0 likes, 0 repeats
       
       The experience of SSHing into something is still nowhere near as satisfying as using Kerberised Telnet and it just printing a whole bunch of cryptic status output before suddenly giving you a shell
       
 (DIR) Post #AXZrdGYx7L2rvQDRPk by mjg59@nondeterministic.computer
       2023-07-11T07:16:05Z
       
       0 likes, 0 repeats
       
       When Kerberos works everything about it is Extremely I'm In, and when it doesn't work everything about it is fuck everything about Kerberos and fuck MIT specifically
       
 (DIR) Post #AXZrkfvrC162dNSiLA by mjg59@nondeterministic.computer
       2023-07-11T07:18:09Z
       
       0 likes, 0 repeats
       
       KRB5KRB_AP_ERR_BADMATCH  Massachusetts delenda est
       
 (DIR) Post #AXZs1eKiOK3ob7BQ8m by spacehobo@teh.entar.net
       2023-07-11T07:19:28Z
       
       0 likes, 0 repeats
       
       @mjg59 You are required by law at that point to turn to the room and ask "Anybody wanna' shut down the Federal Reserve?"
       
 (DIR) Post #AXZsDShNTR87zNPr5k by artemist@social.mildlyfunctional.gay
       2023-07-11T07:21:14Z
       
       0 likes, 0 repeats
       
       @mjg59 ssh -vvvv -o GSSAPIAuthentication=yes -o GSSAPIDelegateCredentials=yes can get you the same experience. I had to do this at CMU and it was really annoying.
       
 (DIR) Post #AXZsRxedB66S3C2r7g by nielsa@mas.to
       2023-07-11T07:25:46Z
       
       0 likes, 0 repeats
       
       @mjg59 ssh -vvv to emulate the experience, although it's less cryptic
       
 (DIR) Post #AXZtejM9kTxHQP3Yxs by mjg59@nondeterministic.computer
       2023-07-11T07:39:15Z
       
       0 likes, 0 repeats
       
       @rfc1459 It's over 20 years since Active Directory largely solved this in the Windows ecosystem and yet
       
 (DIR) Post #AXZto34lnjU9BrMq6y by fogti@chaos.social
       2023-07-11T07:35:17Z
       
       0 likes, 0 repeats
       
       @rfc1459 @mjg59 hmm personally I wouldn't agree with this much, because uhh shouldn't it be possible to automate most of that already? uploading files shouldn't be hard (ssh/scp exists) and automatic auth to kadmin also shouldn't be (keytabs exist?)... maybe I'm missing some important aspect here, but for me, the setup of kerberos was far more pleasant than any other kinda-database thingie...
       
 (DIR) Post #AXZto6lm4IfQe6Vj3g by mjg59@nondeterministic.computer
       2023-07-11T07:40:05Z
       
       0 likes, 0 repeats
       
       @fogti @rfc1459 Now do it for several thousand services that aren't all admined by you but exist in the same trust domain
       
 (DIR) Post #AXZycQ4ixqEMoicVqS by mcepl@floss.social
       2023-07-11T08:34:20Z
       
       0 likes, 0 repeats
       
       @mjg59 And yet I have still 32 passwords for my employer’s systems. 😞 Shame!
       
 (DIR) Post #AXa3HLy3XZ59ldH8XQ by dgoodlad@tinnies.club
       2023-07-11T09:23:02Z
       
       0 likes, 0 repeats
       
       @mjg59 https://tech.lgbt/@kasdeya/110688847833828258
       
 (DIR) Post #AXaclQyc1si2gvMDRY by notecharlie@social.bigcavemaps.com
       2023-07-11T16:02:18Z
       
       0 likes, 0 repeats
       
       @mjg59 I hate kerberos, kerberos is awesome. There's a reason I can't kick my FreeIPA to the curb, as much as I'd like to. There's just something about NFS4 with kerberos security that's so brilliantly elegant.