Kerberos exists too, but somewhat less common – FreeIPA includes it by default, but many people just piggyback on LDAP bind as password-based authentication and use SSH keys for passwordless (because apparently protocols other than SSH and HTTPS don't exist anymore). The MIT Kerberos 5 suite is still actively maintained and receives new features, such as S-PAKE), whereas Heimdal appears to be on life support.