I am a newbie on F5 APM. Currently, we have to authenticate users to access applications, and I use the Kerberos protocol via a keytab file uploaded on the F5 APM. However, I want to change the encryption algorithm (RC4 to AES 256), and the user sees an authentication pop-up displayed. Nevertheless, the authentication should be transparent for the user, who does not have to enter a login/password (use of the keytab file). I cleaned the browser cache and restarted the computer, but still the same problem. Following that, I did a rollback with the encryption parameters (RC4) of the keytab file.
BTW: I see a fallback from item 'kerberos Auth' to ending Deny in the Splunk log.
Do you have any ideas?
Thanks in advance
Hi @Poseidon1974,
Please refer to the following articles:
Impact of procedure: Using the ktpass command with certain parameters on a domain controller may modify the AD service account. F5 recommends that you perform this procedure during a scheduled maintenance window for the specific service.
Important: The following command uses AES256-SHA1 encryption. You must therefore select the This account supports Kerberos AES 256 bit encryption check box for the user you created in step 2.
Use these commands
K24065228: Troubleshooting issues with BIG-IP APM Kerberos end-user logon authentication
K73872229: Configure BIG-IP APM KDC validation in AD authentication
K01716018: Configuring Kerberos end-user logon authentication for multiple applications by merging keytab files
K17371: BIG-IP APM may fail to authenticate when Kerberos AAA servers have different keytab files
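
An added example (not part of the original thread or of F5's articles): a small Python parser for the MIT keytab file format, version 0x0502, that lists each entry's principal, key version and encryption type, so a regenerated keytab can be checked for an AES256 key rather than RC4 before it is uploaded. The SPN, realm and all-zero keys in the sample are constructed placeholders, and `build_entry` exists only to build that sample.

```python
import struct

# Kerberos encryption type numbers (IANA registry) relevant to this thread.
ETYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def counted(buf, pos):
    """Read a 16-bit length-prefixed byte string; return (data, new_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, etype_name)] for a version 0x0502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("only keytab format 0x0502 is handled")
    entries, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos, end = pos + 4, pos + 4 + abs(size)
        if size <= 0:  # a negative length marks a deleted entry (hole): skip it
            pos = end
            continue
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        realm, p = counted(buf, pos + 2)
        comps = []
        for _ in range(ncomp):
            c, p = counted(buf, p)
            comps.append(c.decode())
        # name_type (4), timestamp (4), 8-bit kvno (1), key type (2) = 11 bytes
        _name_type, _ts, kvno, etype = struct.unpack_from(">IIBH", buf, p)
        _key, p = counted(buf, p + 11)
        if end - p >= 4:  # optional trailing 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", buf, p)
        spn = "/".join(comps) + "@" + realm.decode()
        entries.append((spn, kvno, ETYPES.get(etype, f"etype-{etype}")))
        pos = end
    return entries

def build_entry(principal, realm, kvno, etype, key):
    """Serialize one keytab entry (used only to construct SAMPLE)."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    comps = principal.encode().split(b"/")
    body = struct.pack(">H", len(comps)) + cs(realm.encode()) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype) + cs(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: hypothetical SPN and realm, all-zero placeholder keys.
SAMPLE = (b"\x05\x02" + build_entry("HTTP/apm.example.com", "EXAMPLE.COM", 3, 23, bytes(16))
          + build_entry("HTTP/apm.example.com", "EXAMPLE.COM", 4, 18, bytes(32)))

if __name__ == "__main__":
    for row in parse_keytab(SAMPLE): print(row)
```

If the output shows only `rc4-hmac` for the service principal, the keytab was not regenerated with an AES256 key, whatever the account check box says.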