SharePoint 2010 and Kerberos - recommendation.


  • Just reading through about Kerberos. Based on the fact that Kerberos eliminates multiple prompts for authentication in a two server farm, is it fair to say that most/all environments that have more than one server farm (One SQL + One SP2010) will implement Kerberos based authentication while installing SharePoint?

    Are there other ways to eliminate the multiple prompts using NTLM authentication itself?

    Any thoughts/suggestions greatly appreciated.



    2012年6月14日 下午 04:19


  • You can have a multi-server farm without enabling Kerberos and not have the multiple-prompt (double hop) issue.  The double hop is from a user authenticating to the front end, and then the front end needing to authenticate that user to some other service.  Since NTLM can't be passed to that other service, the user has to authenticate again.  SharePoint, by itself, does not have this problem even with multiple-server farms as the Service Application architecture mitigates it.

    2012年6月14日 下午 05:47