Stephen John Smoogen wrote:
authentication methods require a lot of dedicated work because it affects
all workflows somewhere.. and because it would mean so much downtime.. it
has never gotten the resources in time and engineers to do.
Obviously replacing an authentication protocol is a big change that
affects many things, but some smaller improvements could make the user
interface suck less. Asking for a password instead of just failing is
an isolated client-side change. It would take some programming work of
course, but little or no coordination between different components.
Authenticating in advance with kinit would continue to work, so nobody's
workflow would break.