F5 APM-Kerberos -decrypt ticket

Curious if Niels_van_Sluis could answer this one? I'll poke around to see if I can find someone else just in case Niels doesn't have time.

Hi, 

What instructions did you use to configure kerberos authentication? This knowlege article helps on debugging kerberos issues: 

Troubleshooting issues with BIG-IP APM Kerberos end-user logon authentication (f5.com)

Maybe one thing to check: Make sure in the account properties in AD in the tab 'Account' the account option 'This account supports Kerberos 256 bit encryption' is enabled.

Not solved

Not sure if I can help

https://support.f5.com/csp/article/K24065228

Verifying the Kerberos encryption configuration

The encrypted type in the keytab file must support the encryption used to encrypt the Kerberos service ticket on the client system.

To view the supported encryption types in the keytab file using the BIG-IP Configuration utility, refer to Verifying the service account name configuration on the KDC and BIG-IP APM procedure in this article.
To display the encryption used to encrypt the Kerberos service ticket, use the klist command described in the Verifying the Kerberos tickets on the client device with the klist command procedure in this article.
For more information on configuring Kerberos encryption on Windows, refer to Windows Configurations for Kerberos Supported Encryption Type.

Note: This link take you to resources outside of AskF5, and it is possible that the information may be removed without our knowledge.

F5 recommends using the AES 256 bit encryption type. To configure this, you need to enable the This account supports the Kerberos AES 256 bit encryption option on the Account tab in the AD Properties and also when generating the keytab file with the ktpass command.