• ferngully@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    21 days ago

    I’ve used this for nearly two years and while I still think it’s a great app I grew kinda tired of all the new features being enterprise only. Specifically RADIUS with eap-tls auth for WiFi, and the newer device auth. While the ssh based auth is open source I have a couple of Linux desktops that would require enterprise licensing to authenticate via interactive login. I totally get wanting to make money on your software, for a home lab with even only $5 users, that would be $300/year.

    Last week I switched to Kanidm and it’s just as good if not better. And much more lightweight. Built in RADIUS with eap-tls support and a unixd agant for ssh and desktop login. Everything just worked. Even setting up failover replication was a breeze. Highly recommend as an alternative. My only gripe is the web interface is bare bones and pretty ugly. But they do support css overrides and something can be thrown together fairly easily.

    • moonpiedumplings@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      21 days ago

      Specifically RADIUS with eap-tls auth for WiFi

      You can run authentik as an LDAP server and then federate a seperate server that supports RADIUS eap-tls as federated to that. So if you are willing to run an additional software that connects to LDAP, you can make it do basically anything.

      • ferngully@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        21 days ago

        Yup. And I was doing that with FreeRadius on the side. I was pretty okay with that being licensed locked. I also had sssd setup for my desktop logins but found it to be slow at times to perform logins. The Kanidm-unix agent is incredibly fast and responsive while also being five lines in a config file.

        Again, I think Authentik is fantastic and will still recommend it to people. My move was probably more motivated by my need to tinker and learn more so than my other reasons.

      • corsicanguppy@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        21 days ago

        an additional software that

        ‘Software’ isn’t a countable, and doesn’t attract an article like ‘an’.

  • the_weez@midwest.social
    link
    fedilink
    English
    arrow-up
    2
    ·
    21 days ago

    I have been using this for my homelab for about a year. I haven’t done anything too advanced, but I would say I’m a fan.

    • Derpgon@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      ·
      20 days ago

      Been using it for our whole company of about 25 people max at one moment, it really is grwat, especially the group based authorization where I differentiate between people who have access to all apps versus those who just need one (like externists from other companies so they can view tickets in our OpneProject).

  • assaultpotato@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    21 days ago

    Is there a reason why Keycloak isn’t used much? I’ve been loving it for years without issue but I rarely see it discussed.

    • moonpiedumplings@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      ·
      21 days ago

      Keycloak only really acts as an OIDC/SAML provider. Whereas Authentik can do OIDC, SAML, LDAP, and more in a single app. It’s just extremely rich.

      I really like it because it has invites, which are extremely nice if you really want that form of fast onboarding.

    • corsicanguppy@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      21 days ago

      Keycloak is burdened by java, if I recall. I’m not sure whether this one is too. (I do need to install one of them soon, but I select on SLSA level and unfortunately can’t select against bloat here)

  • nonius@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    ·
    21 days ago

    I’ve experimented with Authentik and Authelia, but not enough or with adequate sec expertise to feel confident in either of them or other hostable auth applications.

    Would anyone mind selling me in a particular direction and explaining why they prefer one service vs. another?

    • moonpiedumplings@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      21 days ago

      Authentik is really feature rich, supporting the most out of any other provider.

      The 3 killer features to me from authentik are:

      • OIDC
      • LDAP
      • Invites

      Of course there are more. But software that does all 3 of those is rare, and I was frustrated trying to find them.

      To play devil’s advocate, Authentik is very big and unwieldy in some ways. If you only need OIDC for your family, then maybe pocket id or void auth may be more suitable.