looking for a solution in my case, thanks for help.
I have a haproxy in front of some Windows Server Backends. The WinServer Backends peform a Kerberos Authentication through haproxy and provide application. This is working already.
My problem is to control access to the proxy. I cant used a IP based control, because some of my testusers have daily switching IPs.
So i tried a basic auth in haproxy. I created a userlist and appropriate acl in frontend:
acl authorized http_auth(basic-auth-list)
http-request auth realm protected if !authorized
This works too, but breaks Kerberos Auth, because Authorization Header in Request is changing and Win-Backends deny access.
Iam looking for a way to combine these auths, so basic auth in the frontends and reuse original Authorisation header to the backends.