SharePoint 2010 Kerberos Delegation

Kerberos Delegation Can Cross Domain Boundry Can Cross Forest Boundary
Basic Yes No
Constrained No No
Have the SharePoint and external data on same Active Directory Domain
SharePoint Service Application Kerberos Delegation Type
Excel Services Constrained Delegation
Performance Point Services Constrained Delegation
InfoPath Forms Services Constrained Delegation
Visio Services Constrained Delegation
BDC / BCS Basic or Constrained Delegation
Access Services Basic or Constrained Delegation
SQL Reporting Services SSRS Basic or Constrained Delegation
MS Project Server Basic or Constrained Delegation
1. Kerberos delegation method can only change from basic to constrained as identity travels between services to services
2. Services require translation of claims based credentials to Windows credentials. The Process of translation uses C2WTS service
3. C2WTS must be constrained

Excerpt from:

Configuring Kerberos Authentication for Sharepioint 2010 Products

Leave a Reply

Sign up for Softvative Newsletter

Get notified about new articles and deals

Receive the latest technology and leadership news and resources from us

Subscribe To Softvative Newsletter