Forum Discussion

Nimbostratus

Oct 04, 2017

Alternate realm for a real domain in BIG-IP

We have an interesting problem after we implemented BIG-IP in our organization. Situation: we have an AD forest with one top level domain (mycompany.local) and 10 child sub-domains (one is com....

alternate realm

application delivery

authentication redirection

big-ip

stan_piron

Cumulonimbus

Oct 06, 2017

Hi,

I don't understand the issue...

when working with kerberos, 2 informations are used:

sAMAccountName
REALM

these information are sent with a format like UPN but not UPN:

sAMAccountName@REALM

when working with Kerberos Auth:

the client requests the web site
the server requests a kerberos auth
the client requests to the KDC to get kerberos ticket.
the client requests the web site including the token
the server (here the F5) decrypt the token. if decryption successful, user is authenticated. there is no communication to the KDC from the server.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Alternate realm for a real domain in BIG-IP

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

certitcate error

Layered ASM for APM login page protection

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Trial License for F5 virtual edition in eve-ng

Related Content

F5 BIG-IP Zero Trust Access

Automating Certificate Management on F5 BIG-IP

What's new in BIG-IP v21.0?

BIG-IP Geolocation Updates – Part 7

VMware VKS integration with F5 BIG-IP and CIS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS