FileMaker Server 220.127.116.115
OS X 10.10.5 (Server) and OS X 10.10 - 10.11 (Clients)
Description: Our Open Directory server is seeing requests for kerberos service tickets when users log into FileMaker.
FileMaker Server using External Authentication and is anonymously bound to Open Directory.
When web users are logging in, we're seeing requests for kerberos (SSO) service tickets from the FileMaker Server to the Open Directory Server. This does not occur when FM Client users log in.
12/11/2015 9:22:33.779 AM kdc: TGS-REQ webUsername@openDirectoryServer.UNA.AB.CA from filemakerServer:64833 for host/fileMakerServer.una.ab.ca@openDirectoryServer.UNA.AB.CA [forwardable]
TGS-REQ = request from the client for service granting ticket (service presumably the web service not filemaker)
host/fileMakerServer.una.ab.ca@openDirectoryServer.UNA.AB.CA = this is the service ticket the client is asking for
We are under the assumption that Kerberos (SSO) only works between Windows clients and Active Directory, however this appears to be related to the Web Publishing engine, not client <--> server connections.