DNS hack for kerberos?

Question

hi out there&nbsp;
I am testing a setup with kerberos and sso on a f5 bigip 11.3 with ltm and apm. I have a minor problem here with kerberos - I am right now not able to define a PTR record for the webserver which I try to access through a apm kerberos sso - so it cannot find the correct domain for the realm. But is there a simple way I could trick it on the f5? I have tried to add the IP-adresse to the hosts file - no difference as far as I can see - could I active a dns server on it and use this?&nbsp;

kunjan · Answer

SSO will use the PTR record to fill in the SPN. If you can specify the SPN pattern in the Kerberos SSO profile, I think you can get rid the PTR lookup as SSO will use the SPN specified in this field. &nbsp;
APM won't use the host file.&nbsp;

kunjan · Answer

You can specify SPN in HTTP/WEB01.dom1.dk format. &nbsp;
My mistake, actually you should be able to use the host file as well. It works in my testing. APM has problem with host file in Portal context. &nbsp;&nbsp;
You can do a debug for websso and look in logs to see where it is failing. &nbsp;

Forum Discussion

DNS hack for kerberos?

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Tracks, Hacks, and Time to Relax

F5 XC Distributed Cloud DNS GSLB implementing Split-DNS

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Scary Hack Stories! ‌👻‌

Oracle hack, North Korean Hackers, Critical Flaw in Apache

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS