SharePoint 2010 End-to-End Kerberos Guide

Microsoft has truly outdone themselves when it comes to SharePoint 2010’s documentation, especially so close to the release of the product. Their whitepaper on configuring Kerberos is great guide that includes setup of not only the SharePoint Web Applications but OLTP, Reporting Services, Analysis Services, EWS, and more. One caveat to the guide is that it assumes you are using the latest and greatest on software and OS (which you should!) So if you aren’t using Windows Server 2008 R2 (IIS 7.5), Windows Server 2003 Domain, and SQL 2008 R2 you may have to make some modifications.
A few notes on the subject of Kerberos while I’m on the subject.. First, if you are going to release a publically facing extranet and want to use Kerberos you are going to require a reverse proxy (like Microsoft Unified Access Gateway) so that users outside your firewall can communicate with your DC to get a Kerberos Ticket. Next, if you are going to do anything with SQL Analysis Services do not implement NTLM, you are going to run into a double hop situation ASAP – end of story. Go with Kerberos right off the bat. Finally, look into Claims Based Authentication, I have a feeling that this technology will be a sleeper and probably really popular next year. You don’t have to worry about the NTLM double hop with claims and don’t have to host external accounts in your AD or host a separate AD all-together.

SharePoint Architecture