Archive for the ‘Kerberos’ Category

SharePoint 2010 Kerberos Delegation

Monday, May 5th, 2014
Kerberos Delegation Can Cross Domain Boundry Can Cross Forest Boundary
Basic Yes No
Constrained No No
Have the SharePoint and external data on same Active Directory Domain
SharePoint Service Application Kerberos Delegation Type
Excel Services Constrained Delegation
Performance Point Services Constrained Delegation
InfoPath Forms Services Constrained Delegation
Visio Services Constrained Delegation
BDC / BCS Basic or Constrained Delegation
Access Services Basic or Constrained Delegation
SQL Reporting Services SSRS Basic or Constrained Delegation
MS Project Server Basic or Constrained Delegation
1. Kerberos delegation method can only change from basic to constrained as identity travels between services to services
2. Services require translation of claims based credentials to Windows credentials. The Process of translation uses C2WTS service
3. C2WTS must be constrained

Excerpt from:

Configuring Kerberos Authentication for Sharepioint 2010 Products