Forum Discussion

elastic_82555's avatar
elastic_82555
Icon for Nimbostratus rankNimbostratus
Apr 26, 2013

kerberos and ntlm authentication using APM

Hi,   I have setup sharepoint 2010 iApp, using NTLM authentication and it is working well(using the F5 login page), however, I now have a requirement to use kerberos authentication, as well...
app sec
BIG-IP Access Policy Manager (APM)
security
Davo_T_20783's avatar
Davo_T_20783
Icon for Nimbostratus rankNimbostratus
Feb 19, 2014

The orginal question submitter is confused about the role of the APM. He implies that he is not seeking a F5 APM managed KPT but just wants kerberos SSO to carry on working with a F5 LTM load balancing virtual server in the path. Easy - forget about the APM - it's not required for this scenario - the F5 can just pass through the SPNEGO portion of the header from the client. While I can't vouch for the specifics of Sharepoint portal, the reason why he is struggling I suspect is due to DNS lookup part of the Kerberos protocol. It is a common mistake to make an application SPN based on the DNS cname of the F5 virtual server instead of using the FQDN of DNS a-record for the VIP that the F5 pool is using.

 

hth. David.