Hi,

This is not a question, but information I wanted to share :-)

Having got Kerberos authentication working a few weeks ago with Squid on a test box, I came back to test again and could not get Kerberos to work. The browser(s) kept sending NTLM to Squid (resulting in the ominous 'BH received type 1 NTLM token' log entries).

Now, the proxy in the browser had just been defined by its IP address. Changing that to the FQDN suddenly allowed Kerberos to work (klist showed a ticket for HTTP/FQDN), and Squid was once again able to identify via Kerberos.

So be careful when defining proxy names in the browser or proxypac!

Sean Boran
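
A check for the pitfall reported above, as an added example that is not part of the original post: it scans the text of a PAC file for proxy directives that name the proxy by IP literal instead of FQDN. The function names, the sample PAC file and its host names and addresses are constructed for illustration.

```javascript
// Added example (not from the original post): find PAC proxy directives that
// use an IP literal. The post reports that with an IP-defined proxy the browser
// sent NTLM, while the FQDN produced a Kerberos ticket for HTTP/FQDN.

// Matches "PROXY host[:port]" and "HTTPS host[:port]" inside PAC return strings.
const DIRECTIVE = /\b(PROXY|HTTPS)\s+(\[[0-9a-fA-F:.]+\]|[^\s;:"']+)(?::(\d+))?/g;
const IPV4 = /^(\d{1,3}\.){3}\d{1,3}$/;

// Bracketed hosts are IPv6 literals; dotted quads are IPv4 literals.
function isIpLiteral(host) {
  return host.startsWith("[") || IPV4.test(host);
}

// Returns one finding per IP-literal proxy directive, with its 1-based line.
function auditPac(pacText) {
  const findings = [];
  pacText.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(DIRECTIVE)) {
      if (isIpLiteral(m[2])) {
        findings.push({ line: i + 1, type: m[1], host: m[2], port: m[3] || null });
      }
    }
  });
  return findings;
}

// Constructed sample PAC file: line 3 uses an FQDN, line 4 an IP literal.
const SAMPLE_PAC = [
  'function FindProxyForURL(url, host) {',
  '  if (isPlainHostName(host)) return "DIRECT";',
  '  if (shExpMatch(host, "*.example.com")) return "PROXY proxy.example.com:3128";',
  '  return "PROXY 192.0.2.10:3128; DIRECT";',
  '}',
].join("\n");

for (const f of auditPac(SAMPLE_PAC)) {
  console.log(`line ${f.line}: ${f.type} ${f.host} is an IP literal; use the proxy FQDN`);
}
```
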