Solved

Why does Kerberos Authentication work -- When it shouldn't?

Posted on 2012-04-04
4
305 Views
Last Modified: 2012-04-04
I've read a lot about the Kerberos protocol and lately some about Kerberos authentication in SharePoint, how you must configure this and that (SPN) to make it work.

So now I've taken time to test this, and guess what -- Kerberos authentication works fine without SPNs etc. I configure web applications to use classic or claims-based authentication, but there is not difference from when configure them to use NTLM.

I've been iisresetting, restarting, loggin in and out, using several web apps, different accounts, etc, etc, using web parts with links and such to other web apps and so forth, accessed the site from different machines, etc, but I cannot have the site not functioning properly for me.

(This is a virtual Active Directory environment with Windows Server 2008 R2 and Windows 7 machines, and SharePoint Server 2010 SP1.)

What am I doing wrong, I just can't get this Kerberos authentication to not work.  ;-)
0
Comment
Question by:Jack_A_Roe
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Paul Jackson
ID: 37805664
Where is your sharepoint server installed on a separate machine or on the WIndows server 2008 R2. You only need to setup delegation and spns if the sharepoint server is installed on a separate machine or one that is not a Domain Controller.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805676
Thank you for your comment.

There is basically three machines in this environment: 1 DC, 1 WFE w. SQL, and 1 client. Both servers are Windows Server 2008 R2, SharePoint version is SharePoint Server 2010, SQL is Microsoft SQL Server 2008 R2, and the client is Windows 7. Internet Explorer is 8 on servers and 9 on client.
0
 
LVL 29

Accepted Solution

by:
Paul Jackson earned 500 total points
ID: 37805690
OK because your WFE and SQL are on the same machine you don't run into the 'double hop' problem which requires the setup of delegation and SPNs, if your SQL was on a separate machine to the WFE you would need it.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805707
Oh, darn! - Thank you very much, jacko72!  :-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you create your solutions on SharePoint sooner or later you will come upon a request to set  permissions of the item depending on some of the item's meta-data - the author, people assigned as approvers, divisions, categories etc. The most natu…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now