Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Oh, I wanted to escape the Kratos hell by migrating to Keycloak and you say Kratos was created to actually be a better alternative? Well I have to say I had a very hard time implementing browser flows, configuration is a mess, not everything working through yaml configs works as env var. Documentation is a mess. All in all, it took months what should have been weeks at most. Sorry for the negativity, but it is one of the software pieces I really wish I have avoided.


sorry to hear that, hope you have a better experience going forward. if you feel like it send me some details on what was most painful and we'll fix it.


Just from looking right now, I'm a bit puzzled by being told right away that it has all open APIs in a warning in the install guide. Would I really want to tell someone to try starting something for our security that is an immediate attack vector?


if you leave the admin APIs unsecured in production it is an attack vector, not sure what you would prefer being told here?

It says "When deploying Ory open-source Servers, protect access to their APIs using Ory Oathkeeper or a comparable API Gateway."


Since docker/k8s I've started to encounter containers that just start with a default user and no password. The Cuckoo's Egg was published in 1989. Choose a random password if you don't have one and print it to the console.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: