Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Can F5 APM act as a Kerberos KDC proxy (like Microsoft DirectAccess) for Zscaler ZIA?

Nikoolayy1
MVP
MVP

‎10-May-2022 02:22 - edited ‎10-May-2022 02:25

Hello,

 

Zscaler ZIA can user Kerberos Authentication even for Remote users (Road Warriors as they call them) but then a KDC proxy is needed like Microsoft DirectAccess to translate the HTTPS Kerberos traffic to normal TCP (like a proxy but for Kerberos) and I was wondering if F5 APM can do the same and to provide the ticket to client that then the client sends to Zscaler. All the F5 APM features seem to be related to not send the ticket directly to the client but to act as a man in the middle.

 

https://help.zscaler.com/zia/about-kerberos-authentication

https://help.zscaler.com/zia/about-kerberos-authentication#kerberos-features

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/d688ea3a-04b0-45ea-8226-82a74c...

Labels:
0 Kudos
1 REPLY 1

JRahm
Community Manager
Community Manager

‎11-May-2022 08:58

let me ask around...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
Copyright © 2023 Khoros, LLC