APM SSO Kerberos Defaults to NTLM??

Question

I currently have Kerberos single sign on configured successfully in APM. I was wondering why my Kerberos configuration is called "myconfigname"_ntlm_kerberos? Is it defaulting to NTLM in the event that Kerberos fails? If so, is there a way to set it up to use Kerberos only? Using NTLM is a STIG violation here.

kevin_stewart · Answer

Need more information.&nbsp;
Was this configuration built by some iApp?Do you have an NTLM SSO profile defined?Are you talking specifically about server-side auth (SSO), vs. client-side auth (AAA)?

bac81987_341588 · Answer

Yes I did make it with an iAppI do not have an NTLM SSO profile defined
I mean server-side auth (SSO)&nbsp;
Thanks for the quick reply!&nbsp;

kevin_stewart · Answer

Then this is just a naming convention of the iApp. If there's no NTLM SSO profile it's not going to failover to NTLM.&nbsp;

bac81987_341588 · Answer

Understood, thanks!&nbsp;

Forum Discussion

APM SSO Kerberos Defaults to NTLM??

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Configuring APM Client Side NTLM Authentication

NTLM

A Closer Look at mTLS and the Default Server in F5 NGINX

Persist connection based on NTLM username

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS