Re: [squid-users] kerberos and cname

From: Carlos Defoe <>
Date: Fri, 11 Oct 2013 03:10:31 -0300

You have to add principals for each hostname on your keytab
HTTP/, creating user or computer accounts to hold
each kerberos principal. If you're load balancing, copy your keytab
file to all servers.

Then you have to set the flag "GSS_C_NO_NAME" in the helper line at squid.conf.

On Fri, Oct 11, 2013 at 2:10 AM, Marko Cupać <> wrote:
> I have squid box named, but all the clients' browsers
> are configured to access it by its CNAME which is This
> way I am able to install new server named squidXX, test it, and once
> everything is fine I can change CNAME to point to the new server.
> This worked fine when I was switching from no auth to NTLM, but not now
> when I am switching to kerberos. I have created keytab for
> HTTP/squid03.example.com_at_EXAMPLE.COM and clients are authenticated fine
> if their browsers are configured with, but not with
> Is it possible to make kerberos work with CNAME?
> --
> Marko Cupać
Received on Fri Oct 11 2013 - 06:10:44 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 11 2013 - 12:00:04 MDT