@Aaron stepping out of my area of competence here, so please don’t pounce if I get details wrong. Our ops teams have chosen user password authentication backed by LDAP. Our UNIX clients use Kerberos credentials to generate a token which can be used against LDAP. As a security measure those tokens expire every few hours.
My understanding is that they are reluctant to use Solace’s native Kerberos support because it would make connecting/authenticating more difficult across the enterprise from both Windows and Linux.