"localkdc - A general local authentication hub" (2025)

Sunday at 13:35, 30 minutes, UA2.118 (Henriot), Identity and Access Management, Alexander Bokovoy, Andreas Schneider

For several decades we used simple username/password authentication to access services, whether at home, somewhere on the internet, or in an enterprise environment. We started to get Single-Sign-On (SSO) support, first via Kerberos and later via web authentication mechanisms.

A local Kerberos Key Distribution Center (KDC) is not a new invention. It is a useful tool in combination with the Kerberos IAKerb extension, but it also allows SSO to be mapped from web authentication to local authentication, or to be used in a network environment isolated from the rest of the enterprise environment.

This talk aims to show a prototype of a common set of requirements and approaches to represent a secure POSIX identity management integration with OAuth 2.0-based identity providers. We also show how the use of NTLM in the SMB protocol will be replaced by a localkdc in combination with IAKerb.