this post was submitted on 05 Apr 2024
1109 points (98.9% liked)

Programmer Humor

[–] [email protected] 11 points 6 months ago (2 children)

For any self-hosted services you use, run something like Authentik and configure all the apps to use it for auth via OIDC (OpenID Connect). Makes the experience a lot nicer, instead of every service having its own separate user system.

[–] [email protected] 3 points 6 months ago (1 children)

You still want a local account though. Learnt that the hard way.

[–] [email protected] 3 points 6 months ago

Why? In case Authentik goes down, so you can recover data? Or something else?

I am setting up Authentik and other self-hosted services right now and my plan was for Authentik to have all the accounts.

[–] [email protected] 2 points 6 months ago (1 children)

I use Keycloak at work. How does Authentik compare?

[–] [email protected] 2 points 6 months ago (1 children)

I've never tried Keycloak so I'm not sure, sorry.

One feature Authentik has that I don't think Authelia nor Keycloak support is operating as an LDAP server. With Authelia at least, you have to run a separate LDAP server if you need LDAP. With Authentik, it's built in.

[–] [email protected] 1 points 6 months ago (1 children)

I guess I'll have to do the research myself. Ohh bother. I can tell you that Keycloak can use a PostgreSQL DB or LDAP, but it is not built in. I honestly really dislike LDAP though. It's an old protocol that has terrible client support, and the only real reason to use it imo is if you need to support a really high number of users and traffic, like in the millions.

[–] [email protected] 1 points 6 months ago

I don't like it either, but there's probably some apps that only support LDAP.