Hello, I'm considering dropping the use of NTLM in favor of Kerberos (auth_param negotiate) to authenticate users against my AD 2003 server. To do this, I would like to use the squid_kerb_auth program. Prior starting my work on this, I was wondering what would happen for users not currently logged in on my domain controller (ie., users not having a valid Kerberos ticket) - for example, users at home or Mac OS X / Linux users? From my readings, Safari 3/4, Firefox 2+, IE7/8 all seems to support Kerberos authentication to a Squid proxy but for clients, it's not clear to me (after reading RFC4559) what will happen if no ticket is present when the user goes through the Squid proxy. Will it just fail? Thanks for any light you can shine on this. Best regards,
