Kerberos for SQL Server and SharePoint the easy way
Configuring Kerberos can be easy. Indeed, with favourable conditions and some preparation, the whole thing can be over in minutes. However, if hours later it still does not work, troubleshooting can take many days even with help of experts.
As you all know, real world implementations can deviate dramatically from lab scenarios considered in common whitepapers. What most resources usually cover is, at best, some step by step configuration instructions for a particular architecture. Such instructions often lack explanation of why it has to be done that way in terms of the role of every step in the authentication process, i.e. they do not explain principles, only give certain examples.
I would like to present easy to follow principles of Kerberos constrained delegation and protocol transition with handy tips and templates to get this right the first time for your particular environment. The goal is to explain the meaning of the settings in terms of the role in the Kerberos constrained delegation authentication rather than simply presenting another example of a particular scenario. I will also include a
jargon-busting glossary of terms to help you get started.
This presentation covers some very useful resources to help you tame your three-headed monster and make it behave in case it decides to go on a strop. I will also mention some useful tips and resources
on dealing with Claims To Windows Token services, an important part to Kerberos configuration. It plays a very important part in delegating authentication for services requiring protocol transition (Claims -> Windows), such as Excel Services, Performance Point and Power View.
Dmytro Andriychenko's Summary
I am a keen data and systems integration professional who enjoys a challenge of both technical and personal nature. I am particularly interested in projects involving novel clashes of technologies prompting unusual approaches or organisational challenges. I love performance tuning and optimising IT system infrastructures.
These are main areas of my technical expertise:
- SQL Server Development, especially Enterprise Data Warehouse and OLAP design and implementation
- Microsoft BI: complete stack of SSIS, SSAS, SSRS and SharePoint BI
- SharePoint administration, configuration and development including Kerberos configuration and troubleshooting
I also have experience of designing BI systems end to end from hardware and application tiers to systems integration, requirements engineering, database and ETL design and development. I am also keen to learn other BI technologies having had experience of Microstrategy, Business Objects, Tableau and even Open Source tech like Pentaho, MySQL, MariaDB, Cassandra etc.
Data Integration, Data Warehousing, OLAP, Data Mining, SQL Server Tuning, Systems Architecture, Data architecture, Database development, Design, Development and maintenance.