Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
1
Replies

Kerberos Authentication thru CSS 11501

yycsandman007
Level 1
Level 1

‎04-19-2007 09:40 AM

Hi there...I am having some issues surrounding kerberos authentication thru the CSS...not too much available either on cisco website or google...has anyone done this successfully before? We have some https sites sitting behind the CSS, and they use kerberos to authenticate users. Sniffer captures are not proving helpful either.

Any advice or suggestions would be greatly appreciated...

Thanks in advance!

Sandeep

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎04-19-2007 09:51 AM

the problem with kerberos is that the user must first sends a request to kerberos server that delivers a token to then contact the destination server.

Here the user will use the vip ip to request the token and when contacting the destination the ip is different and the token not accepted.

I had an issue like this in a long time ago and I don't think we ever found a solution.

Did you try to configure loopback ip addresses on the server that would be the same ip as the vip ?

Then configure service of type transparent on the CSS.

Or contact the kerberos admin guy to see if he knows a way to have a token valid on multiple platforms.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents