?
Solved

Why does Kerberos Authentication work -- When it shouldn't?

Posted on 2012-04-04
4
Medium Priority
?
312 Views
Last Modified: 2012-04-04
I've read a lot about the Kerberos protocol and lately some about Kerberos authentication in SharePoint, how you must configure this and that (SPN) to make it work.

So now I've taken time to test this, and guess what -- Kerberos authentication works fine without SPNs etc. I configure web applications to use classic or claims-based authentication, but there is not difference from when configure them to use NTLM.

I've been iisresetting, restarting, loggin in and out, using several web apps, different accounts, etc, etc, using web parts with links and such to other web apps and so forth, accessed the site from different machines, etc, but I cannot have the site not functioning properly for me.

(This is a virtual Active Directory environment with Windows Server 2008 R2 and Windows 7 machines, and SharePoint Server 2010 SP1.)

What am I doing wrong, I just can't get this Kerberos authentication to not work.  ;-)
0
Comment
Question by:Jack_A_Roe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Paul Jackson
ID: 37805664
Where is your sharepoint server installed on a separate machine or on the WIndows server 2008 R2. You only need to setup delegation and spns if the sharepoint server is installed on a separate machine or one that is not a Domain Controller.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805676
Thank you for your comment.

There is basically three machines in this environment: 1 DC, 1 WFE w. SQL, and 1 client. Both servers are Windows Server 2008 R2, SharePoint version is SharePoint Server 2010, SQL is Microsoft SQL Server 2008 R2, and the client is Windows 7. Internet Explorer is 8 on servers and 9 on client.
0
 
LVL 29

Accepted Solution

by:
Paul Jackson earned 2000 total points
ID: 37805690
OK because your WFE and SQL are on the same machine you don't run into the 'double hop' problem which requires the setup of delegation and SPNs, if your SQL was on a separate machine to the WFE you would need it.
0
 

Author Comment

by:Jack_A_Roe
ID: 37805707
Oh, darn! - Thank you very much, jacko72!  :-)
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you create your solutions on SharePoint sooner or later you will come upon a request to set  permissions of the item depending on some of the item's meta-data - the author, people assigned as approvers, divisions, categories etc. The most natu…
I used to be SharePoint evangelist in our company, so my Outlook always full of questions about how to do this, or where I can find that. One day I found such an email with the following question: "how to attach 3-State workflow (one of the workflow…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question