Maybe with a KDC to keep some symmetric keys?
For me Kerberos looks nice in terms of its high resistance to a quantum break because it uses only symmetric keys. I have read that in terms of strength AES-256 is roughly like RSA 16384, though even the use of RSA 8192 is still seldom today.
According to many opinions the real security of an RSA key increases much more slowly than its key length, so that even a switch from RSA 3072 to RSA 4096 gives only a very small, almost insignificant increase in key strength:
Is Kerberos useful only for local networks without remote Internet connections?
Then for remote usage is asymmetric cryptography still a must, at least for sharing secrets like session keys, passwords, etc.?
For example, how to exchange a symmetric secret without PGP?
Windows Active Directory uses Kerberos under the hood too; it is most likely not a good idea to place an ADC on the open Internet.
I wonder, is it possible to initially authenticate to Kerberos with a hardware token like an NK FIDO2 or NK PRO2 instead of a login and password? Sure, it is possible to keep a login and password in a password keeper like KeePass, then authenticate to it with the hardware token and use the credentials from it for further authentication to Kerberos, but that is manual copy/paste work, and if it is used at the login screen then we most likely have no KeePass software available at that step?
For a Rutoken there is an example:
What are the best specialized distributions or Docker containers to easily get a Kerberos server up and running, preferably compatible with Windows too? Does anything like this exist running on OpenBSD instead of Linux (not Windows, of course)?
but based on OpenBSD.
In 2014 there were some code cleanups in OpenBSD to exclude Kerberos, but most likely only as a client; as a server, can Kerberos still run on OpenBSD?
Please also suggest another alternative SSO, popular enough and very secure, that supports authentication with a Nitrokey PRO2/HSM2.
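As an added illustration of the point raised above (this is not part of the question, and not any real Kerberos implementation): how a KDC hands a fresh session key to a client and a service using nothing but the symmetric long-term keys it already shares with each of them, so no asymmetric key is involved. It uses only the Python standard library, stands in an HMAC-SHA256 counter keystream for the AES enctype, and collapses the AS and TGS steps into a single exchange; the realm, principal names and passwords are constructed sample values.

```python
import hashlib, hmac, json, os

def string_to_key(password: str, salt: str) -> bytes:
    # AES enctypes derive the long-term key with PBKDF2 (RFC 3962); 4096 is the default iteration count.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), 4096, 32)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    # Stand-in for a Kerberos encrypt-then-MAC enctype (NOT AES-CTS-HMAC): HMAC counter keystream + HMAC tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    """Holds one long-term symmetric key per principal; never holds or issues an asymmetric key."""
    def __init__(self, realm: str):
        self.realm, self.keys = realm, {}

    def add_principal(self, name: str, password: str) -> None:
        self.keys[name] = string_to_key(password, self.realm + name)  # Kerberos default salt: realm + name

    def as_exchange(self, client: str, service: str) -> tuple[bytes, bytes]:
        # Fresh session key, sealed once under the client's key and once (the ticket) under the service's key.
        session_key = os.urandom(32)
        for_client = seal(self.keys[client], json.dumps({"svc": service, "key": session_key.hex()}).encode())
        ticket = seal(self.keys[service], json.dumps({"cname": client, "key": session_key.hex()}).encode())
        return for_client, ticket

def client_login(kdc: KDC, client: str, password: str, service: str) -> tuple[bytes, bytes]:
    # The client re-derives its key from the password; a wrong password makes unseal() raise.
    for_client, ticket = kdc.as_exchange(client, service)
    part = json.loads(unseal(string_to_key(password, kdc.realm + client), for_client))
    return bytes.fromhex(part["key"]), ticket

def service_accept(service_key: bytes, ticket: bytes) -> bytes:
    # The service opens the ticket with its own key (its keytab) and learns the same session key.
    return bytes.fromhex(json.loads(unseal(service_key, ticket))["key"])
```

The session key never travels in the clear, so the exchange needs no PGP-style public key; what it does need is that every party already shares a long-term secret with the KDC, which is exactly why the KDC database has to be protected.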