Keycloak configuration with docker, reverse proxy (nginx), and kerberos?

I want to try a scenario in which users can access other services after authenticating to keycloak using kerberos. My preference is to run all services - including keycloak - using docker compose. However, I didn't find a good guide describing docker compose with environment variables, running keycloak behind a reverse proxy (nginx) terminating https.

I was able to configure keycloak running in docker compose behind nginx, but lacking a guide it was a pain to figure out how to set keycloak environment variables.

Then I am wondering whether kerberos will work behind the usual docker compose NAT or whether kerberos requires bridge driver. I have seen bridge driver in some examples, but dislike it unless there is a good reason to use it.

Then there is no clear guide on how to configure kerberos with keycloak. The UI wants a keytab.
Searching the community I found "Kerberos configuration issue", but manually creating the keytab and moving it to another machine looks like a bad practice to me. Instead I could join the host as a Linux domain member - but does this work? What is the recommended/supported practice?

Does keycloak then have to run with a FQDN in the domain?

Any input appreciated…