Configuring Kerberos Authentication for SharePoint 2010 products

One of the most difficult things when using a multi server farm is the security delegation between the servers. In most cases this still will be done using Kerberos, even though we have Claims based authentication in SP2010 most systems outside the native SharePoint 2010 farm will be using Kerberos (like SSAS and SSRS).

Microsoft has released a great whitepaper that:

This document provides you with the information that will help you:

  • Understand the concepts of identity in SharePoint 2010 Products
  • Learn how Kerberos authentication plays a critical role in authentication and delegation scenarios
  • Identify the situations where Kerberos authentication should be leveraged or may be required in solution designs
  • Configure Kerberos authentication end-to-end within your environment including  scenarios which leverage various service applications in SharePoint Server
  • Test and validate that Kerberos authentication is configured correctly and working as expected
  • Find additional tools and resources to help you configure Kerberos authentication in your environment

This document is divided in two major sections:

  • Overview of Kerberos Authentication In SharePoint 2010 Products

This section provides conceptual information about managing identity in SharePoint Products, the Kerberos protocol, and how Kerberos authentication plays a key role in SharePoint 2010 Solutions

  • Step-By-Step Configuration

This section will walk you through the steps required to configure Kerberos authentication and delegation in various SharePoint solution scenarios.

Download the whitepaper here.

  • But not PowerPivot. Because PowerPivot lives *within* the SharePoint farm it does not need; nor use Kerberos. Even with data refresh, because the machine logon is done on the same machine where the AS instance accesses it data, you don’t need Kerberos there either. It just works.

  • Kasper de Jonge

    Hi @Dave Wickert , Thanks for the comment. I forgot to mention this.

  • You may want to look at the Kerberos SPN Generation Setup Tool at http://futuresults.com