You don't have to join a domain. You only need a Kerberos authentication
server to get a ticket.
You only need AD (or Samba) if you want also authorisation (PAC data) in you
Kerberos ticket.
As Amos said you need a Kerberos client and a Browser supporting
Proxy-Negotiate.
Markus
"Amos Jeffries" wrote in message
news:36775d21-090a-e22a-bec0-78edc57541a9@xxxxxxxxxxxxx...
On 08/05/18 10:22, Panagiotis Bariamis wrote:
Hello,
Is it possible with a squid kerberos only authentication setup be able
to authenticate ie android phones to squid?
I don't have an answer for that, maybe someone else has experience. If
you have the environment available you could try it yourself.
A second question. If a non domain joined machine tries to use the proxy
will there be a username password prompt where if correct credentials
are presented he will be able to get a ticket to use squid?
Maybe, unlikely though IMO. Getting a ticket requires first joining the
domain. Some client software may provide a popup and then try to contact
a DC and join a domain.
But whether a) the specific client software does that, and b) whether
info about the domain DC server is available in DNS records, and c)
whether the Kerberos realm "domain" matches the proxy DNS record domain
- all those effect the possibilities AFAIK.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
