For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 02, 2013

I'm not referring to the back end authentication, but rather how the client browser responds to an authentication prompt. Let's say you could determine that a user, given their IP address, was coming from the internal network. You could send them a 401 response, hope for a Kerberos token, pull that Kerberos token apart, do some lookups, whatever you want, and then send the user down the right path. If the user came from an external network, you'd present a logon form, do some lookups, whatever you want, and then send them down the right path. This is all happening on the 443 VIP by the way. So the the question remains:

 

  1. Can you differentiate internal from external users?
  2. And if not, can you use a Basic dialog instead of a form page if Kerberos fails?