Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.6.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0
Opened: Mar 17, 2015 Severity: 3-Major Related Article:
K16483
When you configure single sign-on (SSO) using Kerberos, and you do not fill in the KDC field on the configuration page (Access Policy > SSO Configurations > Kerberos) , you may encounter an error. The error may be similar to: <Date> slot2/BIGIP1 err websso.0[29236]: 014d0005:3: Kerberos: can't get TGT for host/svcf5kerberos.corpdev.apdev.local@CORPDEV.APDEV.LOCAL - Cannot contact any KDC for realm 'CORPDEV.APDEV.LOCAL' (-1765328228)
SSO fails
This occurs if you do not specify a value for KDC when configuring SSO with Kerberos.
Has a workaround, administrator should edit /etc/krb5.conf file manually and set option dns_lookup_kdc=true Note that this workaround is: not synced across cluster not backed up not audited not upgrade safe not re-provision safe may revert during other maintenance operations
None