Hello, I'm having some issue with squid_kerb_ldap in its handling of SPN's in the specified keytab file. I'm hoping I'm just missing something. I have a Windows Forest with multiple child domains, all trusting each other. I'd like to have one SPN authorize users for all of the child domains and not have to setup a user account in each domain tied with a dedicated SPN for that domain. From previous posts that seems to be the only solution when squid_kerberos_ldap looks for the users realm and match that realm with one in the keytab file. Is there not an argument like squid_kerb_auth has ( " -s <SPN>" ) where I can specify exactly which SPN to use to bind to ldap? Is there another way? I read about setting [capaths] in krb5.conf but that doesn't seem to help much. Any help is much appreciated!!! Sincerely, M deJong
