Last Modified: Oct 07, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.4.1, 12.1.0, 12.1.1
Fixed In:
13.0.0, 12.1.2, 11.6.1 HF2, 11.5.4 HF3
Opened: Dec 04, 2015 Severity: 3-Major
krb5.conf file is not in sync across all blades. this may cause a feature (Kerberos SSO / Kerberos Auth) to not work as expected.
Kerberos Auth / Kerberos SSO does not work properly on all blades.
When administrator made changes to krb5.conf file manually, the configuration file is not synchronized to all blades or is lost upon upgrade.
None.
The APM code now automatically synchronizes the changes to /etc/krb5.conf file to all devices in the Failover Device group. Any change made to this file either in Active Device or Standby device will be automatically synced to other device. In Chassis, all the Secondary blades will mirror the file on the Primary blade. Any manual change done on the Secondary blade(s) will be lost. The admin has to do the changes on Primary blade only and it will be synchronized with all others blades.
When admin modifies /etc/krb5.conf file, the changes are automatically updated on other devices in the same Failover Device group. When admin modifies the /etc/krb5.conf file on the primary blade of the chassis, the changes are automatically updated on all secondary blades.