Forum Discussion
Poseidon1974
Cirrostratus
CirrostratusF5 APM AES256 in keytab for Kerb Auth failed
Hi,, I am a newbie on F5 apm, currently, we have to authenticate users to access applications, I use the kerberos protocol via a keytab uploder file on the F5 apm, however, want to change encryption...
Hi Poseidon1974 ,
Please refer the following articles
https://my.f5.com/manage/s/article/K01716018#CreateKeytabKtpass
Impact of procedure: Using the ktpass command with certain parameters on a domain controller may modify the AD service account. F5 recommends that you perform this procedure during a scheduled maintenance window for the specific service.
Important: The following command uses AES256-SHA1 encryption. You must therefore select the This account supports Kerberos AES 256 bit encryption check box for the user you created in step 2.
Use these commands
ktpass
ktutil
rkt
wkt
K24065228: Troubleshooting issues with BIG-IP APM Kerberos end-user logon authentication
https://my.f5.com/manage/s/article/K24065228
https://my.f5.com/manage/s/article/K24065228#VerifyEncryption
K73872229: Configure BIG-IP APM KDC validation in AD authentication
https://my.f5.com/manage/s/article/K73872229
K01716018: Configuring Kerberos end-user logon authentication for multiple applications by merging keytab files
https://my.f5.com/manage/s/article/K01716018
https://my.f5.com/manage/s/article/K24065228
K17371: BIG-IP APM may fail to authenticate when Kerberos AAA servers have different keytab files
https://my.f5.com/manage/s/article/K17371
https://my.f5.com/manage/s/article/K000130298
https://my.f5.com/manage/s/article/K18315582
HTH
Poseidon1974Hi,
Thanks for your reply , will check this link,
Poseidon;
- Poseidon1974
HI,
i have this error :
LOCAL kvno 23 enctype aes256-cts found in keytab but cannot decrypt ticket
Can you help ?
Thanks
- Poseidon1974
Any help ?