• ferngully@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    23 天前

    I’ve used this for nearly two years and while I still think it’s a great app I grew kinda tired of all the new features being enterprise only. Specifically RADIUS with eap-tls auth for WiFi, and the newer device auth. While the ssh based auth is open source I have a couple of Linux desktops that would require enterprise licensing to authenticate via interactive login. I totally get wanting to make money on your software, for a home lab with even only $5 users, that would be $300/year.

    Last week I switched to Kanidm and it’s just as good if not better. And much more lightweight. Built in RADIUS with eap-tls support and a unixd agant for ssh and desktop login. Everything just worked. Even setting up failover replication was a breeze. Highly recommend as an alternative. My only gripe is the web interface is bare bones and pretty ugly. But they do support css overrides and something can be thrown together fairly easily.

    • moonpiedumplings@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      23 天前

      Specifically RADIUS with eap-tls auth for WiFi

      You can run authentik as an LDAP server and then federate a seperate server that supports RADIUS eap-tls as federated to that. So if you are willing to run an additional software that connects to LDAP, you can make it do basically anything.

      • ferngully@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        22 天前

        Yup. And I was doing that with FreeRadius on the side. I was pretty okay with that being licensed locked. I also had sssd setup for my desktop logins but found it to be slow at times to perform logins. The Kanidm-unix agent is incredibly fast and responsive while also being five lines in a config file.

        Again, I think Authentik is fantastic and will still recommend it to people. My move was probably more motivated by my need to tinker and learn more so than my other reasons.

      • corsicanguppy@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        22 天前

        an additional software that

        ‘Software’ isn’t a countable, and doesn’t attract an article like ‘an’.