Configuring SharePoint 2010 with Kerberos Authentication

How to configure SharePoint 2010 with Kerberos authentication?
Before you start configuring SharePoint 2010 with Kerberos, it helps to understand what Kerberos authentication is and how it can help SharePoint.

About Kerberos authentication

Kerberos is a secure protocol that supports ticketing authentication. A Kerberos authentication server grants a ticket in response to a client computer authentication request, if the request contains valid user credentials and a valid service principal name (SPN). The client computer then uses the ticket to access network resources. To enable Kerberos authentication, the client and server computers must have a trusted connection to the domain Key Distribution Center (KDC). The KDC distributes shared secret keys to enable encryption. The client and server computers must also be able to access Active Directory Domain Services (AD DS). For AD DS, the forest root domain is the center of Kerberos authentication referrals.

To deploy a server farm running Microsoft SharePoint Server 2010 using Kerberos authentication, you must install and configure a variety of applications on your computers. This article describes an example server farm running SharePoint Server 2010 and provides guidance for deploying and configuring the farm to use Kerberos authentication to support the following functionality:

  • Communication between SharePoint Server 2010 and Microsoft SQL Server database software.
  • Access to the SharePoint Central Administration Web application.
  • Access to other Web applications, including a portal site Web application and a My Site Web application.

    Read More: Configure Kerberos authentication (SharePoint Server 2010)

Step-by-step instructions on how to configure SharePoint 2010 with Kerberos Authentication
Source: Configuring SharePoint 2010 with Kerberos Authentication

Follow the steps below to be absolutely sure which account is responsible for running the site that will support Kerberos authentication. If SharePoint has already been configured, verify that your application pool account is, in fact, running the IIS application pool that supports the website where Kerberos is enabled.

Configuring SharePoint 2010 with Kerberos Authentication - Step 1

Open the web application that will support Kerberos and make a note of the application pool that supports it. You may have more than one web application for the same data, for example one for http and one for https, so take care to determine the exact web application.

Configuring SharePoint 2010 with Kerberos Authentication - Step 2

Make a note of the account that is the identity of this application pool; later this account must be trusted for “Delegation”.

* If the application pool is “Network Service” then Kerberos cannot be configured; the application pool account configured through Central Administration must be a domain account.
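The checks in steps 1 and 2 can also be done from PowerShell on the web front end. The script below is an added example, not part of the original post: it lists every IIS site with its bindings, application pool and pool identity, and flags pools whose identity is not a domain account. The function name `Get-AppPoolIdentityReport` is hypothetical, and the domain-account test is a naming heuristic (an assumption), not a directory lookup.

```powershell
# Added example. Run in an elevated PowerShell session on a SharePoint web front end.
Import-Module WebAdministration   # ships with IIS 7 and later

# Hypothetical helper name; not part of SharePoint or IIS.
function Get-AppPoolIdentityReport {
    foreach ($site in Get-ChildItem IIS:\Sites) {
        $poolName = $site.applicationPool
        $model    = Get-ItemProperty "IIS:\AppPools\$poolName" -Name processModel

        # http and https web applications for the same data appear as separate
        # sites, so show the bindings to pick the exact one.
        $bindings = ($site.bindings.Collection |
            ForEach-Object { "$($_.protocol) $($_.bindingInformation)" }) -join '; '

        $type = [string]$model.identityType
        $user = [string]$model.userName

        # Heuristic (assumption): DOMAIN\user or user@domain counts as a domain
        # account; ".\user" and "<this computer>\user" are local accounts.
        $machinePrefix = $env:COMPUTERNAME + '\'
        $local = $user.StartsWith('.\') -or
                 $user.StartsWith($machinePrefix, [StringComparison]::OrdinalIgnoreCase)
        $isDomain = ($type -eq 'SpecificUser') -and ($user -match '\\|@') -and -not $local

        if ($isDomain) {
            $finding = 'OK: domain account; note it for delegation'
        } elseif ($type -eq 'SpecificUser') {
            $finding = 'CHECK: custom account does not look like a domain account'
        } else {
            $finding = "BLOCKED: built-in identity $type; set a domain account through Central Administration"
        }

        # New-Object keeps this compatible with PowerShell 2.0 on older servers.
        New-Object PSObject -Property @{
            Site = $site.Name; Bindings = $bindings; AppPool = $poolName
            IdentityType = $type; UserName = $user; Finding = $finding
        }
    }
}

Get-AppPoolIdentityReport |
    Select-Object Site, Bindings, AppPool, IdentityType, UserName, Finding |
    Format-List
```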

Configuring SharePoint 2010 with Kerberos Authentication - Step 3

Source: http://virtualizesharepoint.com
