[squid-users] Kerberos authentication on mobile phones

Panagiotis Bariamis akismpa at gmail.com
Tue May 8 14:47:39 UTC 2018


On Tue, May 8, 2018 at 9:03 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 08/05/18 10:22, Panagiotis Bariamis wrote:
>
>
>
> >> A second question. If a non domain joined machine tries to use the proxy
> >> will there be a username password prompt where if correct credentials
> >> are presented he will be able to get a ticket to use squid?
>
> >Maybe, unlikely though IMO. Getting a ticket requires first joining the
> >domain. Some client software may provide a popup and then try to contact
> >a DC and join a domain.
>
> >But whether a) the specific client software does that, and b) whether
> >info about the domain DC server is available in DNS records, and c)
> >whether the Kerberos realm "domain" matches the proxy DNS record domain
> >- all those effect the possibilities AFAIK.
>
> Given the fact that all DNS entries are ok across the domain and we use
MIT Kerberos ,
can a BYOD scenario be implemented ? I mean if the machine does not start a
kinit session ,
will the browser start such a session and get a ticket ?

Thank you ,
Bariamis Panagiotis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180508/58fd7262/attachment.html>


More information about the squid-users mailing list