F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

fernandohcsilva's avatar
fernandohcsilva
Icon for Nimbostratus rankNimbostratus
Dec 11, 2017

Authentication NTLM client and server side

Is it possible to configure the APM module for NTLM client-side authentication with HTTP 401 Response and consume on server-side NTLM authentication?   We have a demand to configure client and ser...
application delivery
BIG-IP Access Policy Manager (APM)
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Dec 11, 2017

Hi,

 

during NTLM authentication, server doesn't receive user password. so if you enable NTLM authentication on client side, F5 doesn't know user password to use it for server side authentication. it is not a F5 APM limitation but a NTLM proxy limitation. Microsoft TMG had the same limitation.

 

when working with NTLM client side authentication, a password-less authentication must be used on server side. the one used in such deployment is Kerberos Contrained delegation (Kerberos SSO)