Checking SharePoint Kerberos configuration

So, sometimes it does happen: a SharePoint farm uses Kerberos authentication. Depending on which stories you've read, this is a good thing and/or a bad thing. Does it speed things up, or does it slow things down? One thing is certain: it does make things more complicated. A couple of months ago I had to troubleshoot a SharePoint 2007 farm that used (or should have used!) Kerberos authentication. It was my first introduction to the world of Kerberos, and I learned there is a lot of contradictory information spread over the internet. I'm still no expert, but the things I've learned so far:

Know your sources. A lot of people talk about it; they shouldn't. Two sources I've found to be really helpful: Spence Harbar and Martin Kearn (old, new).

Use the right tools. I have found the DelegConfig tool to be very useful. Basically it shows you the service accounts you have configured for your IIS Application Pools, and the registered SPN tickets. Any misconfiguration will be detailed, and with the right privileges the solution is just one click away (make sure you understand before you click...). You can read more about the tool here.
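
The kind of check described above, comparing each application pool account with the account that actually holds the site's HTTP SPN, can be sketched in PowerShell. This is an added example, not code from the DelegConfig tool or from the original post; the function name `Test-WebAppSpn`, the host names and the account names are hypothetical, and the sample data is constructed.

```powershell
# Constructed sample data (not from a real farm). On a real farm the first list
# would come from the IIS application pool identities and the second from the
# servicePrincipalName attribute of the accounts in Active Directory.
$webApps = @(
    [pscustomobject]@{ HostName = 'portal.contoso.example';   AppPoolAccount = 'CONTOSO\svc-portal' }
    [pscustomobject]@{ HostName = 'mysites.contoso.example';  AppPoolAccount = 'CONTOSO\svc-mysites' }
    [pscustomobject]@{ HostName = 'intranet.contoso.example'; AppPoolAccount = 'CONTOSO\svc-intranet' }
    [pscustomobject]@{ HostName = 'search.contoso.example';   AppPoolAccount = 'CONTOSO\svc-search' }
)
$registeredSpns = @(
    [pscustomobject]@{ Spn = 'HTTP/portal.contoso.example';   Account = 'CONTOSO\svc-portal' }
    [pscustomobject]@{ Spn = 'HTTP/mysites.contoso.example';  Account = 'CONTOSO\svc-mysites' }
    [pscustomobject]@{ Spn = 'HTTP/mysites.contoso.example';  Account = 'CONTOSO\svc-old' }   # duplicate
    [pscustomobject]@{ Spn = 'HTTP/intranet.contoso.example'; Account = 'CONTOSO\WEB01$' }    # wrong account
)

function Test-WebAppSpn {
    param(
        [Parameter(Mandatory)] [object[]] $WebApp,
        [Parameter(Mandatory)] [object[]] $RegisteredSpn
    )
    foreach ($app in $WebApp) {
        $expected = "HTTP/$($app.HostName)"
        # Every distinct account holding the expected SPN
        # (-eq and Sort-Object -Unique are case-insensitive for strings).
        $owners = @($RegisteredSpn | Where-Object { $_.Spn -eq $expected } |
                    ForEach-Object { $_.Account } | Sort-Object -Unique)

        if     ($owners.Count -eq 0)                   { $status = 'Missing' }
        elseif ($owners.Count -gt 1)                   { $status = 'Duplicate' }
        elseif ($owners[0] -ne $app.AppPoolAccount)    { $status = 'WrongAccount' }
        else                                           { $status = 'OK' }

        [pscustomobject]@{
            Spn            = $expected
            AppPoolAccount = $app.AppPoolAccount
            RegisteredTo   = $owners -join ', '
            Status         = $status
        }
    }
}

# One row per web application; anything other than OK needs a closer look.
Test-WebAppSpn -WebApp $webApps -RegisteredSpn $registeredSpns | Format-Table -AutoSize
```

Any status other than `OK` means Kerberos authentication to that site is likely to fail or fall back to NTLM, so it should be understood before an SPN is added or removed.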
