In this article, you will learn configuring Kerberos Authentication in Share Point 2013 - 2016 web application.
Introduction My team recently configured Kerberos Authentication in SharePoint 2013 web application. We have captured step by step process of how to configure Kerberos Authentication in SharePoint 2013. This article will help the SharePoint administrators who want to configure the Kerberos Authentication in their SharePoint web applications. Creating new web application with Kerberos Authentication
Name Resolution DNS Note - This section is to be executed by Windows Server Administrator for reliable configuration.
This section to be execute ONLY on DNS Server.
Service Principal Name (SPN)
Note Run setspn command with your web application’s Application Pool Service Account – e.g. DomainName/App pool service account. To do so, the Application Pool Service account must have membership in Domain Administrator or Enterprise Administrator. Follow these steps on DNS Server only.
Allow Trust for delegation Note - Logged user must have membership in Domain Administrator or Enterprise Administrator to execute the below steps.
Authentication Provider Note - To perform these steps, you must be a member of the SharePoint Farm Administrators group.
Configure Kerberos in IIS To verify the IIS Web Site Authentication settings, follow the below steps in IIS.
Verify or Assign access to Service Account on SQL Server
Configure Alternate Access Mapping
Verification of functionality
Essentials of Capacity Planning: Microsoft SharePoint Server 2010