I think that would satisfy my requirements - but not sure until I see that bridge along with the Identity broker functionality in the next beta release - eagerly waiting for it.

From: Bill Burke <bburke@redhat.com>
To: keycloak-user@lists.jboss.org
Sent: Friday, February 6, 2015 10:21 AM
Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released

Keycloak won't be a kerberos server any time soon, if ever.  We are
creating a SAML/OIDC to kerberos bridge though.

On 1/30/2015 10:52 AM, Raghu Prabhala wrote:
> Unfortunately yes. Kerberos is deeply ingrained in most of internal applications/processes. While we can ask any new applications to use certificates, we have to support Kerberos.
>
> If that is not something that you will support, probably identity brokering would help. I can write a Kerberos broker as long as it is given control (need HTTP request) immediately by Keycloak; perhaps I can handle both authentication with keytabs (for system accts) as well as SPNEGO for users.
>
> Sent from my iPhone
>
>> On Jan 30, 2015, at 9:01 AM, Stian Thorgersen <stian@redhat.com> wrote:
>>
>>
>>
>> ----- Original Message -----
>>> From: "Raghu Prabhala" <prabhalar@yahoo.com>
>>> To: "Stian Thorgersen" <stian@redhat.com>
>>> Cc: "keycloak dev" <keycloak-dev@lists.jboss.org>, "keycloak-user" <keycloak-user@lists.jboss.org>
>>> Sent: Friday, 30 January, 2015 2:44:14 PM
>>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>>>
>>> Great. Looking forward to the 1.2 Beta version.
>>> Regarding the system account support, from my perspective, it is very
>>> important because we have thousands of applications that interact with each
>>> other using system accounts (authentication with Kerberos with keytabs) and
>>> till we have that functionality, we will not be able to consider Keycloak as
>>> a SSO solution even though it is coming out to be a good product. The sooner
>>> we have it, the better. Hopefully, even other users will pitch in to request
>>> that functionality so that you can bump it up in your priority list.
>>> Thanks once again. Raghu
>>
>> For your use-case would it have to be Kerberos? Only options we've been considering are certificates and jwt/jws.
>>
>>> From: Stian Thorgersen <stian@redhat.com>
>>> To: Raghu Prabhala <prabhalar@yahoo.com>
>>> Cc: keycloak dev <keycloak-dev@lists.jboss.org>; keycloak-user
>>> <keycloak-user@lists.jboss.org>
>>> Sent: Friday, January 30, 2015 2:10 AM
>>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>>>
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Raghu Prabhala" <prabhalar@yahoo.com>
>>>> To: "Stian Thorgersen" <stian@redhat.com>
>>>> Cc: "keycloak dev" <keycloak-dev@lists.jboss.org>, "keycloak-user"
>>>> <keycloak-user@lists.jboss.org>
>>>> Sent: Thursday, January 29, 2015 6:44:11 PM
>>>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>>>>
>>>> Congrats Keycloak team. A great deal of features in this release - really
>>>> like SAML and clustering.
>>>>
>>>> But what I am really looking for is the next release as we need all the
>>>> features you listed - any tentative dates for the beta version?
>>>
>>> We might do a beta soon, but that'll only include identity brokering. The
>>> other features will be at least a month away.
>>>
>>>>
>>>> The functionality provided so far seems to be targeted toward users
>>>> accounts.
>>>> When can we expect support for System accounts (with diff auth mechanisms
>>>> like certificates, Kerberos etc.)?
>>>
>>> Some time this year we aim to have system accounts with certificates, it'll
>>> depend on priorities. We don't have any plans to support Kerberos
>>> authentication with system accounts, but maybe that makes sense to add as
>>> well.
>>>
>>>
>>>
>>>>
>>>> Thanks,
>>>> Raghu
>>>>
>>>> Sent from my iPhone
>>>>
>>>>> On Jan 29, 2015, at 2:11 AM, Stian Thorgersen <stian@redhat.com> wrote:
>>>>>
>>>>> The Keycloak team is proud to announce the release of Keycloak
>>>>> 1.1.0.Final.
>>>>> Highlights in this release include:
>>>>>
>>>>> * SAML 2.0
>>>>> * Clustering
>>>>> * Jetty, Tomcat and Fuse adapters
>>>>> * HTTP Security Proxy
>>>>> * Automatic migration of db schema
>>>>>
>>>>> We've already started working on features for the next release. Some
>>>>> exciting features coming soon include:
>>>>>
>>>>> * Identity brokering
>>>>> * Custom user profiles
>>>>> * Kerberos
>>>>> * OpenID Connect interop
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user@lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


