Multi-factor authentication was sold as the cure for phishing, and for a while it was. Then real-time proxy phishing, push-bombing, and SIM swaps caught up. The 2022 breaches at Twilio and Uber — and the Cloudflare attack that failed — were the field test. A threat-model walk through why only origin-bound MFA survives, and how to deploy it.
Identity
-
Phishing-Resistant MFA: Why Everything Short of FIDO2 Is Living on Borrowed Time -
Active Directory Domain Services Fundamentals The backbone of enterprise identity, explained for the Linux admin: domains, trees, and forests; organizational units and delegation; the tight dependency on DNS; the global catalog and FSMO roles; replication topology and sites; accounts and groups and the security implications of nesting; and standing up a domain controller from scratch. How AD actually models an organization, what is new in Windows Server 2025, and where it bites you.
-
Integrating Linux with Active Directory Single sign-on across a mixed fleet: joining Linux hosts to a domain with realmd and SSSD, Kerberos and GSSAPI for SSH, mapping AD users and groups to POSIX, sudo rules sourced from AD, Samba for file shares and as a domain member, and the alternative of FreeIPA with an AD trust. Making one identity work everywhere without running everything on Windows.
-
Keycloak in Production: Realm Design, Federation, Kubernetes HA, and the Operational Reality of Running Your Own Identity Provider A comprehensive guide to running Keycloak in production: realm design strategies, client scopes and protocol mappers, LDAP/AD federation, authentication flows with WebAuthn and passkeys, Kubernetes HA deployment with the Operator, theme customization, and the operational reality nobody warns you about.
-
Passkeys and WebAuthn in Practice: A Developer's Complete Guide A ground-up technical walkthrough of WebAuthn and passkeys — how the cryptography actually works, the registration and authentication ceremonies in detail, a working SimpleWebAuthn implementation, attestation demystified, fallback strategy, and the UX traps that derail production deployments.
-
Authentik: A Self-Hosted Identity Provider for Everything Deploy Authentik as your self-hosted SSO identity provider — wire up OIDC and SAML for every app in your homelab, run an LDAP outpost for legacy services, replace Google login with something you control.