Bug ID 561348: krb5.conf file is not synchronized between blades and not backed up

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2, 11.6.1 HF2, 11.5.4 HF3

Opened: Dec 04, 2015
Severity: 3-Major

Symptoms

krb5.conf file is not in sync across all blades. this may cause a feature (Kerberos SSO / Kerberos Auth) to not work as expected.

Impact

Kerberos Auth / Kerberos SSO does not work properly on all blades.

Conditions

When administrator made changes to krb5.conf file manually, the configuration file is not synchronized to all blades or is lost upon upgrade.

Workaround

None.

Fix Information

The APM code now automatically synchronizes the changes to /etc/krb5.conf file to all devices in the Failover Device group. Any change made to this file either in Active Device or Standby device will be automatically synced to other device. In Chassis, all the Secondary blades will mirror the file on the Primary blade. Any manual change done on the Secondary blade(s) will be lost. The admin has to do the changes on Primary blade only and it will be synchronized with all others blades.

Behavior Change

When admin modifies /etc/krb5.conf file, the changes are automatically updated on other devices in the same Failover Device group. When admin modifies the /etc/krb5.conf file on the primary blade of the chassis, the changes are automatically updated on all secondary blades.