- Document how to use this script for application code
- Refactor to separate config from execution
- Determine how to unit test the code
- Better model who writes to config files happen. Flush/sync at close?
- Use a pid file to prevent concurrent mods of config?
- Move default config building out of script
- Replace 'saml-i' with saml- to avoid order based assumptions
- Consider not replacing existing kerberos_sts if they are not near expiration
- Consider a purge flag to remove previously prompted values
- Rename the project to be less specific to kerberos, and split up kerberos and NTLM authentication?