• Browse
  • Pages
  • Blog
  • Labels
  • Attachments
  • Bookmarks
  • Mail
  • Advanced

  • People Directory
• Log In
• Sign Up

1. Dashboard
2. SharePoint 2007 Administration Wiki
3. Home
4. SharePoint + Kerberos

• Log In
• Sign Up

SharePoint + Kerberos

• Page restrictions apply
• Added by Jeremy Thake, last edited by Alexey Krasheninnikov on May 20, 2009  (view change)
• show comment hide comment

Comment: Corrected links

Table of Contents Recently Updated Eric Fontaine SharePoint Versions updated Sep 01 (view change) Paul Hunt Moving Content from one environment to another using Content Deployment commented Aug 02 Iain Wyatt SharePoint Versions updated Jul 07 (view change) Jeremy Hofman Database Security created Apr 13 Aaron Lademann How to pick a SharePoint Hosting provider updated Apr 01 (view change) Karim R How to pick a SharePoint Hosting provider updated Mar 31 (view change) Joe Gasper SharePoint Versions updated Mar 25 (view change) Jeremy Thake SharePoint 12 Hive File Differences from SP1 to SP2 updated Jan 18, 2010 (view change) SharePoint User Accounts for Least Privilege Installs updated Jan 18, 2010 (view change) Working out how YOUR 12 Hive is different updated Jan 18, 2010 (view change) SharePoint Versions updated Jan 18, 2010 (view change) Finding out what account was used to setup SharePoint updated Jan 18, 2010 (view change) PowerShell Script to Report on Active Directory Group usage in SharePoint Groups updated Jan 13, 2010 (view change) Jag SRK SharePoint Versions updated Dec 22, 2009 (view change) What artifacts need backing up in an SharePoint Environment? commented Dec 18, 2009 More

I'm not sure why but Kerberos has the ability to send shivers down SharePoint Consultants spines. It has a lot to do with the fact that up until SharePoint Kerberos was really only relevant or setup for Reporting Services to prevent the "double hop" issue. Typically Active Directory Adminstrators do not know anything about Kerberos (I'm generalising slightly here). Why Kerberos? Double Hop Security Issue With SharePoint farms running across multiple servers in certain circumstances it is necessary to prevent the double hop issue. Performance There has been talk about the performance gains with SharePoint and Kerberos configuration over NTLM due to only fetching the token once reducing the chatter between the domain controllers. This is discussed in on the SharePointPodShow and also in Spence Harbar and Bob Fox's presentation (link below) External References I want to build this section of the wiki up and starting with a few good links: Spence Harbar & Bob Fox #SPBPC presentation on Kerberos Configuring Kerberos for SharePoint 2007: Part 1 - Base Configuration for SharePoint *Enabling Kerberos authentication for an Office SharePoint Server 2007 farm deployment SPN Command Calculator Articles by Jesper Christensen for WindowSecurity.com: Kerberos in a Sharepoint Environment Troubleshooting Kerberos in a Sharepoint Environment (Part 1 - DateTime, Accounts and SPN, Tools) Troubleshooting Kerberos in a SharePoint environment (Part 2 - Duplicate SPN, DNS) Troubleshooting Kerberos in a Sharepoint Environment (Part 3 - Delegation, Impersonation, SSP, host headers) Labels parameters Labels time time Delete service service Delete dns dns Delete security security Delete principal principal Delete spn spn Delete name name Delete impersonation impersonation Delete authentication authentication Delete kerberos kerberos Delete delegation delegation Delete Enter labels to add to this page:   Looking for a label? Just start typing.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. Hosted generously by CustomWare