Last Modified: May 29, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4
Fixed In:
14.1.0, 14.0.0.5
Opened: Aug 02, 2018 Severity: 3-Major
Kerberos auth fails and the client get credentials prompt (although it does not work even when entering credentials).
Kerberos authentication fails.
1. Configure SWG explicit or transparent proxy. 2. Configure start -> 401 negotiate -> variable assign <session.server.network.name = return "your_proxy_fqdn"> (required for Kerberos auth) -> Kerberos auth in main access policy. 3. Configure start -> SSL check -> [HTTPS | HTTP ] -> category lookup -> allow in per-request policy. 4. Send HTTP/HTTPS request from explicit or transparent client.
Change the permission and ownership of the Kerberos keytab file with these commands: chmod 640 <Kerberos keytab file> chgrp root <Kerberos keytab file>
The permission of the Kerberos keytab file will be rw-r----- tomcat root which will make sure Kerberos auth does not fail.