Forum Discussion

Cypher's avatar
Icon for Cirrus rankCirrus
Mar 01, 2024

help wiht APM Kerberos to IIS Server



I want to set up F5 APM with kerberos - so user's can connect to multiple destination IIS servers in the back-end that require (Negotiate:)Kerberos Authentication. testing for 1 virtual server, but needed for multiple hostnames & virtual server.

I am using the following approach for a seamless logon (no log in pop ups). Computers are member off the domain. so are the IIS Servers.

  1. Kerberos Authentication with End-User Logons  

As i am no kerberos specialist, so working with these SPN is difficult.

DNS is properly set up with A & PTR records.

the virtual server has a DNS Name f5internalqa201.domain.local

This has a cname for the web application: bi-reports.domain.local

I have a user usr_f5intqa_kerb that can be used to create a keytab file.

I'm running version


What SPN & ktpass config is needed?

setspn ..

ktpass ..

where do i use the 'hostname'? where do i use the cname?



No RepliesBe the first to reply