Forum Discussion
Kerberos/GSSAPI
I am load balancing our IceWarp mail servers. SMTP is set to use port 465 for secured and is using Kerberos/GSSAPI. Our F5 LTM is not part of the external mail domain. I've got POP working with SSL, as is SMTP over 25. As soon as I switch to secured on port 465 for SMTP it says the Kerberos ticket did not match what it got back from the server. Unfortunately, I am doing this in a test environment wherein the IP does not yet resolve to anything so our cert will obviously not work until I register the name. What I am asking is, is there anything special I need to do to permit Kerberos authentication as far as auth profiles and iRules? I am assuming so. And will this work without the F5 being part of the domain against which these tickets are authenticating? It seems to communicate with it anyway as it knows enough that the Kerberos ticket is invalid. Thanks anyone for any ideas.
1 Reply
- Kevin_Stewart
Employee
> It seems to communicate with it anyway as it knows enough that the Kerberos ticket is invalid
Why do you say this? Where are you seeing the error messages? Can I also assume you're not using the APM or ACA modules for Kerberos proxy on the LTM?