Solved

Why does Kerberos Authentication work -- When it shouldn't?

Posted on 2012-04-04
4
311 Views
Last Modified: 2012-04-04
I've read a lot about the Kerberos protocol and lately some about Kerberos authentication in SharePoint, how you must configure this and that (SPN) to make it work.

So now I've taken time to test this, and guess what -- Kerberos authentication works fine without SPNs etc. I configure web applications to use classic or claims-based authentication, but there is not difference from when configure them to use NTLM.

I've been iisresetting, restarting, loggin in and out, using several web apps, different accounts, etc, etc, using web parts with links and such to other web apps and so forth, accessed the site from different machines, etc, but I cannot have the site not functioning properly for me.

(This is a virtual Active Directory environment with Windows Server 2008 R2 and Windows 7 machines, and SharePoint Server 2010 SP1.)

What am I doing wrong, I just can't get this Kerberos authentication to not work.  ;-)
0
Comment
Question by:Jack_A_Roe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Paul Jackson
ID: 37805664
Where is your sharepoint server installed on a separate machine or on the WIndows server 2008 R2. You only need to setup delegation and spns if the sharepoint server is installed on a separate machine or one that is not a Domain Controller.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805676
Thank you for your comment.

There is basically three machines in this environment: 1 DC, 1 WFE w. SQL, and 1 client. Both servers are Windows Server 2008 R2, SharePoint version is SharePoint Server 2010, SQL is Microsoft SQL Server 2008 R2, and the client is Windows 7. Internet Explorer is 8 on servers and 9 on client.
0
 
LVL 29

Accepted Solution

by:
Paul Jackson earned 500 total points
ID: 37805690
OK because your WFE and SQL are on the same machine you don't run into the 'double hop' problem which requires the setup of delegation and SPNs, if your SQL was on a separate machine to the WFE you would need it.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805707
Oh, darn! - Thank you very much, jacko72!  :-)
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When installing SharePoint 2010 RTM I came across a strange error, I was getting timeouts during the installation. I searched the web and found the best solution to be found here (http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010genera…
When using a search centre, I'm going to show you how to configure Sharepoint's search to only return results from the current site collection. Very useful when using Office 365 with multiple site collections.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question