
Forum Discussion

tiwang
May 30, 2014

DNS hack for kerberos?

Hi out there

I am testing a setup with Kerberos and SSO on an F5 BIG-IP 11.3 with LTM and APM. I have a minor problem here with Kerberos - I am right now not able to define a PTR record for the web server which I try to access through an APM Kerberos SSO - so it cannot find the correct domain for the realm. But is there a simple way I could trick it on the F5? I have tried to add the IP address to the hosts file - no difference as far as I can see - could I activate a DNS server on it and use this?

 

2 Replies

  • kunjan

    SSO will use the PTR record to fill in the SPN. If you can specify the SPN pattern in the Kerberos SSO profile, I think you can get rid of the PTR lookup as SSO will use the SPN specified in this field.

     

    APM won't use the host file.

     

  • kunjan

    You can specify SPN in HTTP/WEB01.dom1.dk format.

     

    My mistake, actually you should be able to use the host file as well. It works in my testing. APM has a problem with the host file in Portal context.

     

     

    You can do a debug for websso and look in logs to see where it is failing.
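
Added example, not part of the thread and not APM's own logic: a Python check that models the PTR-based SPN derivation described in the replies, reporting which SPN a reverse lookup would yield for a backend IP, why it fails without a PTR record, and how a fixed SPN avoids the lookup. The IP addresses, the `DOM1.DK` realm, the `web02` host and the `@realm` suffix are constructed assumptions; `HTTP/WEB01.dom1.dk` is the format given in the reply.

```python
import socket

def reverse_lookup(ip):
    """Return the PTR name for ip, or None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(name):
    """Return the set of IPv4 addresses that name resolves to."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.herror, socket.gaierror):
        return set()

def resolve_spn(ip, realm, fixed_spn=None,
                reverse=reverse_lookup, forward=forward_lookup):
    """Return (spn, note); spn is None when no SPN can be built."""
    if fixed_spn:
        # SPN set explicitly: the reverse zone is never consulted.
        return f"{fixed_spn}@{realm}", "fixed SPN, no PTR lookup"
    name = reverse(ip)
    if not name:
        return None, f"no PTR record for {ip}"
    name = name.rstrip(".")
    spn = f"HTTP/{name}@{realm}"
    # Forward-confirm the PTR name so a stale or wrong reverse
    # record is reported instead of silently selecting the SPN.
    if ip not in forward(name):
        return spn, f"PTR {name} does not resolve back to {ip}"
    return spn, "PTR and A record agree"

# Constructed sample zone data (not from the thread):
# 10.0.0.10 has no PTR record, 10.0.0.20 has matching PTR and A,
# 10.0.0.30 has a PTR whose name has no matching A record.
SAMPLE_PTR = {"10.0.0.20": "web02.dom1.dk.", "10.0.0.30": "old.dom1.dk."}
SAMPLE_A = {"web02.dom1.dk": {"10.0.0.20"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in ("10.0.0.10", "10.0.0.20", "10.0.0.30"):
        print(ip, resolve_spn(ip, "DOM1.DK", reverse=sample_reverse,
                              forward=sample_forward))
    print(resolve_spn("10.0.0.10", "DOM1.DK", fixed_spn="HTTP/WEB01.dom1.dk"))
```

Called without the `reverse` and `forward` arguments, `resolve_spn` queries the system resolver, so it can be run from a host that uses the same DNS servers as the BIG-IP.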