Correct as Paul mentioned Kerberos will only for the specific Web Apps that you have configured to use Kerberos. You can have both Negotiate and NTLM web apps in the same farm.
Cheers, Prashanth Sent from my iPhone On Feb 11, 2013, at 6:21 AM, "Paul Culmsee" <[email protected]> wrote: > It’s been a while for me for Kerberos so bear that in mind J > > The line here “Once we set the SPN, the auth_schema for farm will be > 'Kerberos'” throws me off because it infers that as soon as you do it, you > have a Kerberos farm. But when you add the SPN in AD and it makes no > difference to SharePoint’s behaviour by default. The decision to go Kerberos > is based on whether you choose NTLM or Negotiate at the web app. Thus, any > other web apps created as NTLM will happily ignore the SPN stuff altogether > as its not using Kerberos in the first place. > > Regards > > Paul > > From: [email protected] [mailto:[email protected]] On Behalf > Of Ajay > Sent: Monday, 11 February 2013 6:13 AM > To: ozMOSS > Subject: Re: Sp 2010 - Kerberos > > Hi Paul, > Thanks... > > Once we set the SPN, the auth_schema for farm will be 'Kerberos' but it will > only show for the services (app pool) being used for delegation. > From the guide > [ > Select s.session_id, s.login_name, s.host_name, c.auth_scheme > from > sys.dm_exec_connections c inner join sys.dm_exec_sessions s > on c.session_id = s.session_id > > ] > > I mean it will not affect to create future web apps in NTLM mode and not > affect the Central Admin. > > Cheers > Ajay > > > On Mon, Feb 11, 2013 at 11:05 AM, Paul Culmsee > <[email protected]> wrote: > Hi > > You need to register the SPN yes, and then you need to delegate to it from > any account that might access it. That means the claims to windows token > account, service account and web app account. > > Regards > > Paul > > From: [email protected] [mailto:[email protected]] On Behalf > Of Ajay > Sent: Monday, 11 February 2013 5:56 AM > To: ozMOSS > Subject: Sp 2010 - Kerberos > > Hi Guys, > > I have to set up Kerberos for BI stuff like Excel Services, Performance > Point, SSRS and Analysis services > > I have downloaded the 246 page guide from Microsoft.. which looks good. > > I have one quick question... do we need to enable Kerberos for Sql Server > also? > > like the following > SetSPN -S MSSQLSVC/MySQLCluster.vmlab.local:1433 vmlab\svcSQL > > I think as Sql Server is not delegating credentials than it does not need to > be Kerberos enabled or does it need to be. > > Cheers > Ajay > > > > > > > _______________________________________________ > ozmoss mailing list > [email protected] > http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss > > > _______________________________________________ > ozmoss mailing list > [email protected] > http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
_______________________________________________ ozmoss mailing list [email protected] http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
_______________________________________________ ozmoss mailing list [email protected] http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
