Kerberos Authentication with End-User Logons KeyTab files

Question

Greetings,When configuring APM for Kerberos Auth with End-User logons a keytab file must be generated and uploaded to the Big IP.  Does a keytab file need to be created for each application?  My first instinct is that it should indeed be created for each app.  Can anyone validate or invalidate that?  Thanks.&nbsp;

keesvandenbos · Answer

You can add multiple principal's to the same keytab file.

Or you could have one SAML IdP virtual server with Kerberos Auth and all you app's behind SAML SP virtual servers. You would only need a keytab file for the IdP Virtual server and you can add as many SP virtual servers as needed (so there is no need to create a new keytab or modify the keytab fill if you add extra applications that need authentication.

Cheers,

Kees

angel_montero · Answer

Thanks, I appreciate the response. Multiple principals to the same keytab is music to my ears. In addition, I will be moving to the SAML IDP eventually. However, that is a bit down the road.

Angel

Forum Discussion

Kerberos Authentication with End-User Logons KeyTab files

2 Replies

How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

delete SNMP users via tmsh

Issue with 2 parallel F5 clusters

F5 doesn't signatures for cve

Is there a way to export BigIP Analytics http captured transactions?

REST API example change password

Related Content

DEVCENTRAL END-USER LICENSE AGREEMENT

Javascript injecting systems effect on web application end users - a scenario review

Transparent Kerberos Authentication and APM fallback authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Customizing APM end user login page with APM Advanced Customization Templates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS