Bypassing Kerberos for web-based apps
About this Document
In this document, we explain how to bypass Kerberos authentication for cloud-based applications in network environments that use the AXS Guard proxy server. Even though we use Dropbox as an example, the procedure also applies to other cloud-based applications.
The Dropbox client does not support Kerberos authentication.
If the AXS Guard has been configured to enforce Kerberos authentication
for web access and is configured as your workstation’s proxy server, the
Dropbox client will attempt to use proxy
authentication and authenticate as the user
To bypass this behavior, you must create a dedicated Dropbox user account on the AXS Guard and assign a specific Dropbox ACL to this account. Finally, the proxy settings of the Dropbox client must be correctly configured on the workstation.
Create a Web Access List
Log in to the AXS Guard appliance
Go to Web Access > Filters > Lists
Create a new list and add the Dropbox URLs. See the official Dropbox documentation to know which URLs should be added.
Create a Dropbox Category
Go to Web Access > Filters > Categories.
Add a new category for the Dropbox URLs. Add the list created in the previous step.
Create a Web Access ACL
Go to Web Access > Filters > ACL
Create a new ACL which only allows access to the Dropbox category created in the previous step.
Create a Dedicated User
Go to Users & Groups > Users.
Create a new user, e.g.
dropbox, with a static password.
Select the Web Access tab and assign the Dropbox ACL created in the previous step.
Configure the Dropbox Client
Configure the proxy settings of your Dropbox client. Enter the username
and password of the dedicated AXS Guard
dropbox user. See the official
Dropbox documentation for additional