Bug ID 739024: Kerberos auth fails intermittently after upgrade from v14.0.0

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 14.0.0.5

Opened: Aug 02, 2018

Severity: 3-Major

Symptoms

Kerberos auth fails and the client get credentials prompt (although it does not work even when entering credentials).

Impact

Kerberos authentication fails.

Conditions

1. Configure SWG explicit or transparent proxy. 2. Configure start -> 401 negotiate -> variable assign <session.server.network.name = return "your_proxy_fqdn"> (required for Kerberos auth) -> Kerberos auth in main access policy. 3. Configure start -> SSL check -> [HTTPS | HTTP ] -> category lookup -> allow in per-request policy. 4. Send HTTP/HTTPS request from explicit or transparent client.

Workaround

Change the permission and ownership of the Kerberos keytab file with these commands: chmod 640 <Kerberos keytab file> chgrp root <Kerberos keytab file>

Fix Information

The permission of the Kerberos keytab file will be rw-r----- tomcat root which will make sure Kerberos auth does not fail.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips