Active Directory does support FAST. It also supports tunneling over HTTPS, which also buys protection for weak pre-authentication mechanisms.
Idk about AD and PAKE.
Heimdal is really cool, though currently a bit on the abandonware side, but I'm working on a huge PR that should lead to us doing an 8.0 release with lots of pent-up and very cool features.
What's most cool about Heimdal is the build-a-compiler-for-it ethic that its Swedish creators brought to it. That's why it has a very nice ASN.1 compiler. That's why it has three other internal compilers, one for com_err-style error definition files, one for certificate selection queries, and one for sub-commands and their command-line options.
Idk about AD and PAKE.
Heimdal is really cool, though currently a bit on the abandonware side, but I'm working on a huge PR that should lead to us doing an 8.0 release with lots of pent-up and very cool features.
What's most cool about Heimdal is the build-a-compiler-for-it ethic that its Swedish creators brought to it. That's why it has a very nice ASN.1 compiler. That's why it has three other internal compilers, one for com_err-style error definition files, one for certificate selection queries, and one for sub-commands and their command-line options.