Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Jul 13, 2015

Using Kerberos Authentication on F5 without APM

Hi All,

Is it possible to have Kerberos authentication through an F5 without an APM?

Is an APM mandatory for this?

Thanks

Regards, Ramesh

application delivery

BIG-IP Access Policy Manager (APM)

1 Reply

Kevin_Stewart
Employee
Jul 13, 2015
Yes it is required.

That said, if you make the external virtual server FQDN the same as the service principal name (SPN) of the server behind the VIP, you can pass a Kerberos ticket through the VIP without APM. The client is making a ticket request, and its ticket is based on the SPN that it knows, which it derives from the web URL. APM can actually proxy Kerberos traffic, so the client can submit a Kerberos ticket directly to the VIP, and APM can request a separate ticket (different SPN) to the backend server(s).

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Jürgen - February 2026 Featured Member

DevCentral News

ICYMI - Steve Wozniak at AppWorld 2026

DevCentral News

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5