You need to create one AD entry for proxy.domain.tld and copy the same
keytab to both squid servers and use the -s GSS_C_NO_NAME option for
squid_kerb_auth or negotiate_kerberos_auth.
Regards
Markus
"Emmanuel Lacour" <elacour_at_easter-eggs.com> wrote in message
news:20110909120152.GC2669_at_easter-eggs.com...
> Hi,
>
> I have two squids using NTLM auth against AD. Those squids are used by
> client through a single A DNS entry (proxy.domain.tld) (so round robin).
>
> I want to switch to kerberos, but I don't know what to create with
> msktutil:
>
> - two machines with same proxy.domain.tld UPN ?
> - one machine used by both squids ?
> - it's just impossible to do ?
>
> any hints?
>
>
Received on Fri Sep 09 2011 - 14:42:46 MDT
This archive was generated by hypermail 2.2.0 : Fri Sep 09 2011 - 12:00:02 MDT