MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Kerberos and RSS Feeds

  Asked By: Lyndsey    Date: Mar 16    Category: MOSS    Views: 1014

I'm interested in enabling Kerberos for authenticated RSS feeds...

Does anyone have any good step-by-step instructions for doing this?

I'd be grateful.



12 Answers Found

Answer #1    Answered By: Timmy Whitney     Answered On: Mar 16

Off the top of my head I don't know of any except that in Bill English's '07
Administrator's companion there's a section in there that discusses how to
register the web applications as security principal names, near the
beginning of the book.

Answer #2    Answered By: Harihar Sonnad     Answered On: Mar 16

I don't have any easy instructions  available, but the process is not to
enable Kerberos for just RSS feeds. Since Kerberos supports Delegation
enabling Kerberos for use in Windows Authentication will clear up the
problem of the RSS viewer web part not supporting Authenticated feeds.
You need to turn on Kerberos on your network and then go to
Authentication Providers on the Application Management Tab of Central
Admin and enable Kerberos for each Web Application. Check with your
network admins about how to enable Kerberos for your Active Directory.

Answer #3    Answered By: Deven Gajjar     Answered On: Mar 16

That's what I thought.

The rub is: I'm one of the network admins. So I'm looking for a
complete document that explains what I need for MOSS 2007 and what I
have to do on the Windows 2003 Server side of things.

Answer #4    Answered By: Latisha Schneider     Answered On: Mar 16

Also be aware that Kerberos authentication has intermittent problems on
the best of networks.

There are rumors that a major software vendor still has problems with it
in their implementation.

Answer #5    Answered By: Nora Maxwell     Answered On: Mar 16

In terms of Kerberos though, something to remember is that your clients
always need to be able to see the Key Distribution Center (KDC), else they
will not be able to authenticate by such means and will drop back to NTLM.

Answer #6    Answered By: Corina Duran     Answered On: Mar 16

The only comprehensive information I have found is Mark Arend's blog
post at:

We have an open issue in relation to this because you will notice
that it specifies opening delegation back to the SQL Server. In our
environment, SQL is in a separate forest and we use SQL
authentication, so we can't open this delegation. We have done
everything else and RSS feeds  still don't work, so we assume this
must really be required, even though we can't understand why it
should be.

Answer #7    Answered By: Irving Hurley     Answered On: Mar 16

There are still quite a few issues when using Kerberos and SharePoint.
While I haven't tried it myself, I think I read somewhere that
delegation is still required even if you are using SQL authentication.

Answer #8    Answered By: Vinay Thakur     Answered On: Mar 16

I managed to find a decent document about the whole Kerberos setup with
MOSS... pretty much start to finish.

What really annoys me a little is that this is a fairly involved task,
and I'm not seeing any Microsoft documents that are this type of

Anyway, I'm going to give this a try and see what happens, I'll report
back at the end of the day:


Answer #9    Answered By: Kristie Hardy     Answered On: Mar 16

I look forward to seeing your post, Gerhard. We have one farm NTLM and
one Kerberos, and the only difference between the two is that the
Kerberos farm gives us a 'trial license expired' error when accessing
the 'User profiles and properties' page on the SSP. I'm not ready to pin
that on Kerberos -- yet...

Answer #10    Answered By: Faith Delgado     Answered On: Mar 16

It's working. I've gotten it setup as per the instructions
(destructions perhaps) from the link I posted a few messages ago.

The RSS feeds  are up, and the DC, SQL, and MOSS servers are all talking
just fine.

Though I know I'll have to tweak my accounts a little bit, adding at
least one more...

Answer #11    Answered By: Alisha Itagi     Answered On: Mar 16

Can you satisfy my curiosity - can you please open your 'User profiles
and properties' page in your SSP and confirm that it's working?

Answer #12    Answered By: Judy Pittman     Answered On: Mar 16

'trial license expired' is almost always the application pool identity
not having adequate permissions on a SharePoint Server. Microsoft
recommends they be local administrators.

Didn't find what you were looking for? Find more on Kerberos and RSS Feeds Or get search suggestion and latest updates.