On Tue, May 8, 2018 at 9:03 AM, Amos Jeffries <[email protected]> wrote:
> On 08/05/18 10:22, Panagiotis Bariamis wrote: > > > > >> A second question. If a non domain joined machine tries to use the proxy > >> will there be a username password prompt where if correct credentials > >> are presented he will be able to get a ticket to use squid? > > >Maybe, unlikely though IMO. Getting a ticket requires first joining the > >domain. Some client software may provide a popup and then try to contact > >a DC and join a domain. > > >But whether a) the specific client software does that, and b) whether > >info about the domain DC server is available in DNS records, and c) > >whether the Kerberos realm "domain" matches the proxy DNS record domain > >- all those effect the possibilities AFAIK. > > Given the fact that all DNS entries are ok across the domain and we use MIT Kerberos , can a BYOD scenario be implemented ? I mean if the machine does not start a kinit session , will the browser start such a session and get a ticket ? Thank you , Bariamis Panagiotis
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
