Forum Discussion
Stefan_Finke_83
Nimbostratus
Jul 20, 2012APM 11.2: Kerberos AAA ServiceName configuration
I'm configuring a Kerberos AAA Server for Kerberos end user login in an ActiveDirectory Domain. In the AAA Configuration page, I set up my Service Name formed as serviceName/hostname@kerberosrealm (as...
Kevin_Stewart
Employee
Oct 19, 2012In case you're still having this problem, the guidance is admittedly confusing in this respect.
The service name in the Kerberos AAA object should simply just be 'HTTP'. The Auth Realm will be the fully qualified domain name of the Kerberos realm. To explain, APM does a little magic behind the scenes. When a client request comes in, it takes the host name, adds the service name to the front, and the auth realm to the end, to get the SPN which it then retrieves from the keytab file.
ex. servicename/host_name@auth_realm
So in your scenario, APM is creating the string 'servicename/hostname/hostname@auth_realm', which wouldn't exist in the keytab file.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects