Forum Discussion

Nimbostratus

Jan 15, 2016

Kerberos 401 authentication with form fallback

Hello, we are using APM for SAML authentication. Domain joined machines should authenticate transparently with Kerberos, users without the ability to use Kerberos (non domain joined, Firefox wit...

BIG-IP Access Policy Manager (APM)

Employee

Oct 07, 2018

JoeTheFifth,

What do you mean by adding all spns ?

You can "overload" the keytab file by using the -in option with ktpass:

ktpass -princ  -mapuser  -ptype KRB5_NT_PRINCIPAL -pass 'password' -in  -out c:\keytab.next

You'd run this command for each SPN, adding the resulting key information to the last keytab file.

If you want to avoid the initial 401 response you have to configue IE and Firefox for that

Even if you put the URL in the browser's trusted intranet sites list, I believe (specifically for Kerberos) that the browser still makes an initial anonymous request.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Kerberos 401 authentication with form fallback

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Transparent Kerberos Authentication and APM fallback authentication

APM Kerberos Auth or fallback to another authentication method

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Lightboard Lessons: Basic Kerberos Authentication

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS