For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Angel_Montero's avatar
Angel_Montero
Icon for Nimbostratus rankNimbostratus
Jun 18, 2019

Kerberos Authentication with End-User Logons KeyTab files

Greetings, When configuring APM for Kerberos Auth with End-User logons a keytab file must be generated and uploaded to the Big IP. Does a keytab file need to be created for each application? My fi...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
KeesvandenBos's avatar
KeesvandenBos
Icon for MVP rankMVP
Jun 18, 2019

You can add multiple principal's to the same keytab file.

 

Or you could have one SAML IdP virtual server with Kerberos Auth and all you app's behind SAML SP virtual servers. You would only need a keytab file for the IdP Virtual server and you can add as many SP virtual servers as needed (so there is no need to create a new keytab or modify the keytab fill if you add extra applications that need authentication.

 

Cheers,

 

Kees

  • Angel_Montero's avatar
    Angel_Montero
    Icon for Nimbostratus rankNimbostratus
    Jun 24, 2019

    Thanks, I appreciate the response. Multiple principals to the same keytab is music to my ears. In addition, I will be moving to the SAML IDP eventually. However, that is a bit down the road.

     

    Angel