Multiple Kerberos Authentications in APM

Question

Hi, we have multiple subdomains that we want to have access the same application and would like them to authenticate through the F5 using Kerberos.  We currently have the following Access Policy configured.

Any suggestions on how we can add an additional Kerberos Auth?  I have to verify, but the different domains could have a different IP range, so we could create a different branch assigned by IP address.  Would that be the most efficent way of configuring?  Is there any other options for multiple Kerberos auth?&nbsp;

fi_2016_187929 · Answer

The documentation for Kerberos Authentication with End-User Logons https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/9.html states that "You can achieve multi-domain support for Kerberos authentication through multiple virtual servers. Each virtual server must have its own access policy and its own Kerberos configuration."&nbsp;
Does that mean it would not be possible to merge a keytab file?  We have clients from multiple domains accessing F5 as an IdP with Kerberos authentication, so we cannot use multiple virtual servers.&nbsp;

fi_2016_187929 · Answer

Just following up.  Would it be possible to merge keytab files from multiple domains for End-User Logons?  Or is the only option be multiple Virtual Servers with its own access policy?&nbsp;

Forum Discussion

Multiple Kerberos Authentications in APM

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Transparent Kerberos Authentication and APM fallback authentication

Multiple AD Authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

Distributed caching of authentication requests with NGINX Ingress Controller