Configuring Kerberos Authentication in SharePoint 2010 has gotten a bad reputation for being too hard to do so many, if not most, stick with the standard NTLM authentication. Even Microsoft recommends this. For many instances, this may be fine, but if you require Kerberos, I recommend using the below document from Microsoft to guide you through the configuration of Kerberos.Click Here
Some keys to remember when setting up Kerberos is the people or technologies you will need to work with.
In a typical enterprise, you will need to speak with the following folks.
- Active Directory Administrators (Create SPN’s & KDC configuration)
- Load Balancing Administrators
- SSL Encryption (external or internal)
If you are the administrator of all of this, then your job gets easier and harder, because now you have to know how to do all of this. The above document, however, walks you through the process step by step and then shows you how to effectively test to ensure the configuration is working.
Basically there are 5 steps to configuring Kerberos (not including SharePoint Installation)
- Create SPN’s – Info
- Configure account delegation
- Configure SSL
- Configure Load Balancing
- Configure Web Application
The process is more complex than just 5 steps, but those are the basic aspects of the configuration. Ensure you follow the above document and don’t get bored by all of the content within. They get a little too much into their scenario for configuration which is can be confusing. The naming scheme for service accounts and Service Applications are so similar it’s easy to get lost in the document.
I recommend you read through the document once or twice before starting, create an action plan that shows your step-by-step process before you begin then execute. More importantly, research and truly analyze whether your implementation really requires Kerberos or you can get by with just NTLM.
Once you’ve made it through, you’ll find it’s much easier than even the document makes it out to be. Sometimes these documents are much too wordy.
Leave your comments about your experiences with configuring Kerberos authentication for SharePoint 2010.