Submit a Link
Home » Links » MOSSRSS Feeds

Configuring Kerberos for SharePoint 2007: Part 1 - Base Configuration for SharePoint

  Shared By: Brittni Harding    Date: Jun 16   Category: MOSS    Views: 2750

At some point during a career working with SharePoint, everyone will be given the dubious task of configuring Kerberos authentication. I've done this a few times with SPS 2003 in the past, but despite my previous experience, it is a complex and difficult task to undertake if you don't know how. As with most things, if you have the right info, it is really quite easy.

This is the first of a several-part series that outlines what you need to do to enable Kerberos in a MOSS 2007 environment. This article (part 1) will focus on how to get Kerberos working for just MOSS; the later articles will then expand on that to include Excel Services, Data Connections and SQL Server 2005 Analysis Services.

Why Kerberos?

There are many reasons why Kerberos authentication can be used rather than the default NTLM, the main reason should be because it is faster and more secure than NTLM. It should really be the default choice for any SharePoint deployment on this basis, however in the SharePoint world the main reason is normally to get around the 'double hop' authentication issue.

I am no security expert and I am sure there are better explanations out on the web somewhere (try here) but my simple understanding of a 'double hop' is where a user authenticates to a web server and that web server then needs to impersonate the user against another service. When this happens, the user's authentication ticket is 'hopping' across two services; this is not allowed in NTLM and you will have to user Kerberos to do this.

In SharePoint, 'double hops' are most commonly seen when webparts need to access other web services or databases. In MOSS 2007, the most common scenarios are around Excel Services, Data Connections and connecting to SQL Server Analysis Services cubes. (I.e. 'hopping' from the Excel services webpart to the SQL analysis cube).


No Answers Found. Be the First, To Post Answer.


Your Review Comment
  • Review should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].