[squid-users] Problem with HAProxy + Squid 4.11 + Kerberos authentication
Service MV
service.mv at gmail.com
Thu Jul 23 17:09:51 UTC 2020
Hi Klaus,
I think something similar. But I understand that you can use the Kerberos
delegation in AD. That's partly why I'm not convinced by the documentation
I read, which tells me to create a user account in Active Directory. And I
don't understand what a user account has to do here. Maybe the
documentation is wrong and actually refers to a computer account, and the
operation of adding a Service Principal Name should be done to the computer
object. I don't know. But I'm going to try to do it and see what I can
achieve.
I'll be back.
El jue., 23 de jul. de 2020 a la(s) 13:16, Klaus Brandl (
klaus_brandl at genua.de) escribió:
> Hi Gabriel,
>
> same problem here on our HA systems.
> I think, this is caused by kerberos overall, the tickets are always bound
> to
> the hosts realname and address, look at "klist" on your client, and only
> exactly this name could be used as proxy entry.
>
> But if anyone knows a solution, i will spread my ears :)
>
> Klaus
>
> ---
>
> genua GmbH
> Domagkstrasse 7, 85551 Kirchheim bei Muenchen
> tel +49 89 991950-0, fax -999, www.genua.de
>
> Geschaeftsfuehrer: Matthias Ochs, Marc Tesch
> Amtsgericht Muenchen HRB 98238
> genua ist ein Unternehmen der Bundesdruckerei-Gruppe.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200723/bd33c997/attachment.html>
More information about the squid-users
mailing list