Citation needed. Other than throughput/reliability risks posed by the revocation check flow (which I know aren’t the reason people don’t use Kerberos on the web, since the big auth providers’ SPOFiness in this area is way worse, as proven by countless outages induced by so-and-so rickety auth component failing bringing down a major provider), Kerberos’ adoption issues on the web have more to do with network effect and monetization than technical limitations with the protocol.
Seriously, "Kerberos doesn't work well on the web" is like saying "cars don't work well on the road".
Browsers could make it easier to approve domains for SPNEGO (Chrome already makes it automatic for enterprise accounts). The market just doesn't want real security, it wants to log in with its Facebook profile.
One of the bigger issues is the double-hop problem. It's both an important security boundary, and one of the biggest butt-pains about the protocol.
https://techcommunity.microsoft.com/blog/askds/understanding...
It works great within a single organization hierarchy, but becomes pretty painful for anything we'd consider "SaaS"
Kerberos doesn't have a good monthly recurring revenue "story".
Kerberos doesn't work well on the web.