Last Modified: Apr 04, 2025
Affected Product(s):
BIG-IP APM
Fixed In:
17.5.0
Opened: Sep 10, 2024 Severity: 3-Major
Kerberos usage with multiple domains fails for child domain users. Although a transitive trust is established between user forest and service AD, the child domain user is not able to access the services from service AD after upgrading the krb5 library from 1.14 to 1.18.2.
Child domain users are not able to access the services from service AD.
In a cross-domain Kerberos SSO scenario, child domain users access the services from service AD.
Need to create external trust between service AD and the child domain machine.
Upgrade krb5 library to krb5-1.19.1 version.