This can be seen here but also applies to other helpers that use Kerberos. https://github.com/squid-cache/squid/blob/5b74111aff8948e869959113241adada0cd488c2/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc#L490
adcli (which realmd uses for AD joins) supports lowercases all SPNs when adding them to a keytab. Whether HTTP/ or http/ SPNs are valid is up for debate and really depends on the convention of the tool in question but I see no harm in supporting lowercase http/ in addition to HTTP/ SPNs. As far as I can see even supplying your own SPN does not allow http/ (lowercase) This would provide compatibility with adcli and realmd join which are common tools for AD management on CentOS/RHEL. Thanks Mike _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
