For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Miguel_1400's avatar
Miguel_1400
Icon for Nimbostratus rankNimbostratus
Mar 08, 2022

Computer account for kerberos delegation

Hello, We actually have an account user for our SSO Kerberos profile and I would like to use computer account instead of user account for security purpose. But how can I configure my computer accou...
application delivery
security
JoshBecigneul's avatar
JoshBecigneul
Icon for MVP rankMVP
Mar 10, 2022

Hi Miguel_1400

I'm not certain that you can use a computer account, in each case that I have deployed this it has been a standard domain user account. I believe it is common practice to use a user type account as service accounts for Kerberos-enabled application authentication. Does the configuration you provided above work today?

Have you reviewed this article about Kerberos SSO for constrained delegation? K43063049: Configuring BIG-IP APM Kerberos SSO constrained delegation for portal access 

See also:
K17976428: Overview of Kerberos constrained delegation
K59350434: Troubleshooting issues with BIG-IP APM Kerberos SSO constrained delegation

Thanks,

Josh Becigneul