Kerberos is by its very nature complex, but it offers the
best solution for distributed authentication mechanisms
that are both secure and efficient in a distributed multi-
server SharePoint farm.

The Kerberos configuration provides among other
things:

In the security environment, SharePoint
offers multiple authentication options and
authentication zones. The two most common
choices for enterprise implementations in intranet
scenarios are NTLM and Kerberos. Both
of these protocols are used within Integrated
Windows authentication.

In a classic challenge/response scheme,
NTLM relies on IIS generating a token with
a challenge and sending it to the client, the
client responding with a token, and a domain
controller validating that response.
NTLM requires user names and passwords
to be encrypted before they are transmitted,
and also requires re-authentication (a new
token) when accessing a new network resource.

Kerberos, on the other hand, relies on a ticketing
system where a client and server access a
trusted authority called a Key Distribution Center
(KDC), which responds to client requests and
grants tickets that the client can use to access
network resources.
Kerberos does not require re-authentication for
accessing multiple resources.

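A practical check for the two protocols described above, as an added example that is not part of the original page: because both ride inside Integrated Windows authentication, the first token a client sends in its Authorization header shows whether a request is using Kerberos or has fallen back to NTLM. The function and sample names are hypothetical, and the sample headers are constructed.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"  # signature at the start of every raw NTLM message
OID_SPNEGO = bytes.fromhex("06062b0601050502")  # 1.3.6.1.5.5.2
MECH_OIDS = {  # DER-encoded mechanism OIDs
    "kerberos": [bytes.fromhex("06092a864886f712010202"),   # 1.2.840.113554.1.2.2
                 bytes.fromhex("06092a864882f712010202")],  # 1.2.840.48018.1.2.2 (MS)
    "ntlm": [bytes.fromhex("060a2b06010401823702020a")],    # 1.3.6.1.4.1.311.2.2.10
}

def classify_authorization(header_value):
    """Classify the first-leg token of an Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "not-windows-auth"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if token.startswith(NTLMSSP_SIG):
        return "ntlm"  # raw NTLMSSP, also seen under the Negotiate scheme
    if token[:1] != b"\x60":  # not a GSS-API initial context token
        return "unknown"
    # Heuristic, not a full ASN.1 parse: the mechanism OID that appears first
    # is either the raw GSS mechanism or SPNEGO's most-preferred mechType.
    first = {}
    for name, oids in MECH_OIDS.items():
        hits = [token.find(oid) for oid in oids if oid in token]
        if hits:
            first[name] = min(hits)
    return min(first, key=first.get) if first else "unknown"

def _tlv(tag, body):
    """DER tag-length-value, short-form length only (body under 128 bytes)."""
    return bytes([tag, len(body)]) + body

def _spnego_init(mech_names):
    """Constructed NegTokenInit carrying only a mechTypes list (no mechToken)."""
    mechs = b"".join(MECH_OIDS[n][0] for n in mech_names)
    inner = _tlv(0xA0, _tlv(0x30, _tlv(0xA0, _tlv(0x30, mechs))))
    return _tlv(0x60, OID_SPNEGO + inner)

def _hdr(scheme, token):
    return scheme + " " + base64.b64encode(token).decode()

# Constructed sample headers (not captured from a real farm).
SAMPLE_KERBEROS = _hdr("Negotiate", _spnego_init(["kerberos", "ntlm"]))
SAMPLE_NTLM_IN_NEGOTIATE = _hdr("Negotiate", NTLMSSP_SIG + b"\x01\x00\x00\x00")
SAMPLE_SPNEGO_NTLM_ONLY = _hdr("Negotiate", _spnego_init(["ntlm"]))
```

A result of "ntlm" on a web application that is expected to use Kerberos means the client never presented a service ticket for that site, which is the starting point for troubleshooting the Kerberos configuration.
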
Kerberos is an authentication protocol that rides
on top of TCP/IP and is many things to different
users, but one thing everybody agrees on is that
a proper Kerberos configuration is of paramount
importance to the well-being of any SharePoint
installation.

DCU offers Kerberos training targeted to help users get clear
and useful information about how their networks are set up
and to use this information to troubleshoot their existing issues.
The training provides the students with useful labs to hone
their skill set in their SharePoint administration and
configuration duties.