For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tom_112729's avatar
Tom_112729
Icon for Nimbostratus rankNimbostratus
Nov 27, 2013

Monitor http application (users authenticating to web serwers with kerberos)

Hello,   Currently web servers, which are load balanced by LTM, are configured to serve content only if user authenticates properly with them by Kerberos protocol. Every "http Get" is authenticate...
availability
deployment
design
microsoft
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 27, 2013

You cannot do this now because, for reasons still bewildering, all of the GSSAPI/SPNEGO binaries have been stripped from the product. I would recommend the following options:

 

  1. Add your name to the feature request case.

     

  2. The HTTP monitor in v11 will fail over to NTLM if Basic doesn't work. If you can configure your server to accept Kerberos AND NTLM, that may be an option.

     

  3. Create a separate site pointing to the same content, or a specific path or test page with no or limited auth requirements and use that in an external monitor.