Our network gear uses tacplus for authentication and authorization. tac itself authenticates using Kerberos. For one of the projects we need automated login to an F5 device using a script. Does anyone know if it is possible for the script to generate a Kerberos ticket using a keytab and then use the ticket to authenticate via tac/kdc? If possible, can you please point to relevant documentation/links? Thanks
2 Answers
For this to work, at a minimum, you would need to use another F5 outfitted with Access Policy Manager to achieve the automated login. The F5 is Linux-based, however, and you might consider just using an SSH key to do this.

You can authenticate client traffic to a virtual server using Kerberos:
Manual Chapter: Configuring Kerberos Delegation https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementation/sol_kerberos_delegation.html
You cannot use Kerberos for admin system authentication though. Here are the supported admin auth methods:
Manual Chapter: Configuring Remote User Authentication and Authorization https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-3-0/26.html
- Local admin database
- LDAP
- Active Directory
- TACACS+
- Client SSL certificate / LDAP
What protocol do you want to use for your admin scripts (SSH or iControl)?
Aaron

Welcome to Server Fault! Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Mark Henderson May 31 '13 at 03:01