Kerberos for web proxy clients

No I don't use an iRule on the GTM. Here the wideIP and pool from the config of my GTM:

wideip {
   name         "proxyfarm.gtm-domain.net"
   partition "Common"
   pool         "proxyfarm-global"
}

pool {
   name           "proxyfarm-global"
   ttl            30
   preferred      rtt
   alternate      packet_rate
   fallback       qos
   partition "Common"

   member         ltm-site1:84
   member         ltm-site2:84
}

Same is configured for the proxy pac servers. I have a Wide IP proxyconf.gtm-domain.net which is balancing with the same method to my LTMs.

Here some parts from my LTM config:

virtual proxy-uba {
   pool proxy-uba
   destination V-IP:84
   ip protocol tcp
   profiles fastL4
   persist source_addr
}
pool proxy-uba {
   lb method least conn
   action on svcdown reselect
   monitor all isa_85
   members
      member1:85
      member2:85
      member3:85
      member4:85
      member5:85
      member6:85
      member7:85
}

virtual proxyconf.gtm-domain.net {
   pool proxyconf
   destination V-IP:http
   ip protocol tcp
}
pool proxyconf {
   lb method least conn
   action on svcdown reselect
   monitor all proxyconf_84
   members
      member1:84
      member2:84
}
 

Please let me know if you have an idea or need further details.

Maybe there is a chance/way to create an iRule on the LTMs to make Kerberos authentication possible as the clients

are passing the LTMs for fetching the PAC file and getting to the Internet over the proxies.