Solved

Why does Kerberos Authentication work -- When it shouldn't?

Posted on 2012-04-04
4
306 Views
Last Modified: 2012-04-04
I've read a lot about the Kerberos protocol and lately some about Kerberos authentication in SharePoint, how you must configure this and that (SPN) to make it work.

So now I've taken time to test this, and guess what -- Kerberos authentication works fine without SPNs etc. I configure web applications to use classic or claims-based authentication, but there is not difference from when configure them to use NTLM.

I've been iisresetting, restarting, loggin in and out, using several web apps, different accounts, etc, etc, using web parts with links and such to other web apps and so forth, accessed the site from different machines, etc, but I cannot have the site not functioning properly for me.

(This is a virtual Active Directory environment with Windows Server 2008 R2 and Windows 7 machines, and SharePoint Server 2010 SP1.)

What am I doing wrong, I just can't get this Kerberos authentication to not work.  ;-)
0
Comment
Question by:Jack_A_Roe
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Paul Jackson
ID: 37805664
Where is your sharepoint server installed on a separate machine or on the WIndows server 2008 R2. You only need to setup delegation and spns if the sharepoint server is installed on a separate machine or one that is not a Domain Controller.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805676
Thank you for your comment.

There is basically three machines in this environment: 1 DC, 1 WFE w. SQL, and 1 client. Both servers are Windows Server 2008 R2, SharePoint version is SharePoint Server 2010, SQL is Microsoft SQL Server 2008 R2, and the client is Windows 7. Internet Explorer is 8 on servers and 9 on client.
0
 
LVL 29

Accepted Solution

by:
Paul Jackson earned 500 total points
ID: 37805690
OK because your WFE and SQL are on the same machine you don't run into the 'double hop' problem which requires the setup of delegation and SPNs, if your SQL was on a separate machine to the WFE you would need it.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805707
Oh, darn! - Thank you very much, jacko72!  :-)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We had a requirement to extract data from a SharePoint 2010 Customer List into a CSV file and then place the CSV file into a directory on the network so that the file could be consumed by an AS400 system. I will share in Part 1 how to Extract the Da…
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question