Caddy Kerberos passthrough

1. The problem I’m having:

I’m trying to reverse proxy an application server that does Kerberos authentication for handling single sign-on. When doing so with Caddy, SSO doesn’t work.
When doing the same with an F5 appliance, automatic logon (SSO) is possible.

2. Error messages and/or full log output:

No notable logging

3. Caddy version:

2.7.6

4. How I installed and ran Caddy:

RHEL8 server with caddy installed natively

a. System environment:

d. My complete Caddy config:

myurl.mydomain.net {
        log {
                output file /var/log/caddy/myurl.log
        }
        reverse_proxy hostname.domain:8090 {
        }

        tls "/etc/ssl/certs/caddy/certificate.cer" "/etc/ssl/certs/caddy/certificate.key" {
        }
}

I assume you’re looking for GitHub: caddyserver/ntlm-transport (NTLM reverse proxy transport module for Caddy)?

1 Like

Aren’t Kerberos and NTLM different protocols/standards?

:man_shrugging:

I don’t know anything about Microsoft’s protocols. It’s all a black box to me.

1 Like

Caddy likely lacks Kerberos pass-through support. Use F5 for SSO or explore Caddy plugins like caddy-auth-portal for alternatives.

After spending hours and even trying Apache, we finally figured it out…

You can’t use a CNAME when trying to do Kerberos. That causes the client to fall back to NTLM.
After changing the CNAME to an A record everything works fine now :smile: