Kerberos Authentication thru CSS 11501

Unanswered Question
Apr 19th, 2007

Hi there...I am having some issues surrounding kerberos authentication thru the CSS...not too much available either on cisco website or google...has anyone done this successfully before? We have some https sites sitting behind the CSS, and they use kerberos to authenticate users. Sniffer captures are not proving helpful either.

Any advice or suggestions would be greatly appreciated...

Thanks in advance!

Sandeep

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 04/19/2007 - 09:51

the problem with kerberos is that the user must first sends a request to kerberos server that delivers a token to then contact the destination server.

Here the user will use the vip ip to request the token and when contacting the destination the ip is different and the token not accepted.

I had an issue like this in a long time ago and I don't think we ever found a solution.

Did you try to configure loopback ip addresses on the server that would be the same ip as the vip ?

Then configure service of type transparent on the CSS.

Or contact the kerberos admin guy to see if he knows a way to have a token valid on multiple platforms.

Gilles.

Actions

This Discussion