Closed tooptoop4 closed 1 year ago
Yes this should work with HTTPS. The kerberos credentials are sent in the HTTP headers. The challenge with load balancing is mainly when the load balancer uses NAT on the source IP address. The kerberos ticket can be linked to the IP address of the client and if the load balancer NATs the source address this can cause an issue. If this is a problem for you look at the extra_addresses
and noaddresses
options in the krb5.conf.
If I use this lib to host a service which will allow krb authentication will it work if I have ALB in front that only accepts HTTPS traffic not HTTP/TCP ?