Configuring SharePoint 2010 with Kerberos Authentication

May 15, 2011 — Leave a comment

How to configure SharePoint 2010 with Kerberos authentication?
Before start configuring SharePoint 2010 with Kerberos, it’s better to understand what is Kerberos authentication and how it can help SharePoint.

About Kerberos authentication

Kerberos is a secure protocol that supports ticketing authentication. A Kerberos authentication server grants a ticket in response to a client computer authentication request, if the request contains valid user credentials and a valid service principal name (SPN). The client computer then uses the ticket to access network resources. To enable Kerberos authentication, the client and server computers must have a trusted connection to the domain Key Distribution Center (KDC). The KDC distributes shared secret keys to enable encryption. The client and server computers must also be able to access Active Directory Domain Services (AD DS). For AD DS, the forest root domain is the center of Kerberos authentication referrals.

To deploy a server farm running Microsoft SharePoint Server 2010 using Kerberos authentication, you must install and configure a variety of applications on your computers. This article describes an example server farm running SharePoint Server 2010 and provides guidance for deploying and configuring the farm to use Kerberos authentication to support the following functionality:

  • Communication between SharePoint Server 2010 and Microsoft SQL Server database software.
  • Access to the SharePoint Central Administration Web application.
  • Access to other Web applications, including a portal site Web application and a My Site Web application.

    Read More: Configure Kerberos authentication (SharePoint Server 2010)

 

Step by step instruction how how to configure SharePoint 2010 with Kerberos Authentication
Source: Configuring SharePoint 2010 with Kerberos Authentication

Follow the steps below to be absolutely sure of the account responsible for running the site that will support kerberos authentication.  If SharePoint has already been configured verify your application pool account is, in fact, running the IIS application pool that supports the website where Kerberos is enabled

Configuring SharePoint 2010 with Kerberos Authentication - Step 1

Open the web application that will support Kerberos and make a note of the application pool that supports this web application (note that you may have more than one web application for the same data for such cases as http and https so take care to determine the exact web application)

Configuring SharePoint 2010 with Kerberos Authentication - Step 2

Make a note of the account that is the identity of this application pool, later this account must be trusted for “Delegation”. 

* If the application pool is “Network Service” then Kerberos cannot be configured, the application pool account configured through Central Administration must be a domain account.

Configuring SharePoint 2010 with Kerberos Authentication - Step 3

Read More from the original post:

Configuring SharePoint 2010 with Kerberos Authentication

No Comments

Be the first to start the conversation!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s