Hi. I'm moving some of my caches to 3.3.x (from 3.1.x and 3.2.x). I'm using SPNEGO on some (along with kerberos_ldap_group helper). I noticed an important behaviour change comparing to the 3.1.x and 3.2.x: - squid 3.3.x requires the visible_hostname to be set to the kerberos ticket principal he's using for SPNEGO - squid 3.3.x requires the hostname of the proxy in the browser to be set - squid 3.3.x requires the hostname of the proxy in the browser to be exactly the same as kerberos principal in the ticket
If any of these conditions aren't met, the authentication fails. If these conditions are met, the authentication functions as in the previous versions (my caches are running same configs with minor alterations). But I find those requirements a bit uncomfortable. When SPNEGO isn't used, these requirements aren't needed. Is this a feature or I'm hitting some bug ? Thanks. Eugene.
