Configure Kerberos for SharePoint 2010


Cerberus or Kerberos, in Greek and Roman mythology, is a multi-headed hound (usually three-headed)which guards the gates of the Underworld, to prevent those who have crossed the river Styx from ever escaping. more

Configuring Kerberos Authentication in SharePoint 2010 has gotten a bad reputation for being too hard to do so many, if not most, stick with the standard NTLM authentication. Even Microsoft recommends this. For many instances, this may be fine, but if you require Kerberos, I recommend using the below document from Microsoft to guide you through the configuration of Kerberos.

Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products (Download)

How do I know if I should use Kerberos or NTLM?
This is a good article that lays out why you would use Kerberos. Click Here

Some keys to remember when setting up Kerberos is the people or technologies you will need to work with.

In a typical enterprise, you will need to speak with the following folks.

  • Active Directory Administrators (Create SPN’s & KDC configuration)
  • Load Balancing Administrators
  • SSL Encryption (external or internal)

If you are the administrator of all of this, then your job gets easier and harder, because now you have to know how to do all of this. The above document, however, walks you through the process step by step and then shows you how to effectively test to ensure the configuration is working.

Basically there are 5 steps to configuring Kerberos (not including SharePoint Installation)

  1. Create SPN’s – Info
  2. Configure account delegation
  3. Configure SSL
  4. Configure Load Balancing
  5. Configure Web Application

The process is more complex than just 5 steps, but those are the basic aspects of the configuration. Ensure you follow the above document and don’t get bored by all of the content within. They get a little too much into their scenario for configuration which is can be confusing. The naming scheme for service accounts and Service Applications are so similar it’s easy to get lost in the document.

I recommend you read through the document once or twice before starting, create an action plan that shows your step-by-step process before you begin then execute. More importantly, research and truly analyze whether your implementation really requires Kerberos or you can get by with just NTLM.

Once you’ve made it through, you’ll find it’s much easier than even the document makes it out to be. Sometimes these documents are much too wordy.

Leave your comments about your experiences with configuring Kerberos authentication for SharePoint 2010.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s