Kerberos v's NTLM authentication
What are the pros and cons of Kerberos v's NTLM authentication when creating new site collections?
All the best
December 19th, 2007 7:24pm
Can't use RSS with NTLM.
Free Windows Admin Tool Kit Click here and download it now
December 19th, 2007 8:23pm
RSS works fine for us with NTLM authentication. Depends onyour method of accessfor the RSS feed I assume. Accessing SharePointRSS fromOutlook/IE works perfectly.
December 19th, 2007 8:36pm
The biggest things we need to watch out for using NTLM is the Excel Services and SQL Reporting Services Integration settings.
Free Windows Admin Tool Kit Click here and download it now
December 19th, 2007 8:40pm
Hmm... I've read a bunch of things last week which stated RSS wouldn't work in NTLM authentication...
December 19th, 2007 8:54pm
Are you currently using SPS2003 or MOSS for your NTLM authentication?
Are you using built-in RSS or a 3rd party?
Free Windows Admin Tool Kit Click here and download it now
December 19th, 2007 9:08pm
Yes thats fine but what is desired is the ability to pull RSS content from one site to another within your SharePoint Environment. WIthout Kerberos Authentication this is not possible.
December 20th, 2007 3:44am
Overall you will experience faster performance when using Kerberos.You are eliminating double hops. You can also with MOSS 2007 utilize RSS feeds "Within your SharePoint Environment" If your planning on utilizing BDC some LOB Applications will require Kerberos authentication.
Cons - Think through your SPN's carefully and PLAN PLAN PLAN your implementation. DO NOT RUSH IN. You will end up pulling your hair out or calling Microsoft Support due usually to something stupid like a misconfigured SPN or a duplicate SPN
Other Cons - Difficult to troubleshoot. Generally I look for 540 entries in my Security log to see the method of authentication being used. I will also as stated earlier throw on a RSS Web Part onto apage and capture one of my document libraries that im a member of. Generally i will do this on MySite.
Another common think i see is a constant authentication prompt that just wont go away. This is usually a sign of problems in a Kerberos environment.
My advise. If your going to go this route and utilize Kerberos and run into issues push through those issues. You made the decision so fight through the problem. Its worth it in the end. Trust me on this.
Although there isnt a wealth of information generated by Microsoft on Kerberos and SharePoint there are a few blogs that will point you in some right directions.
Search for myself, Spence Harbar and Martin Kearns to obtain information from our blog posts.
Good luck
Free Windows Admin Tool Kit Click here and download it now
December 20th, 2007 3:56am
just wanted to clarify something here:" If your planning on utilizing BDC some LOB Applications will require Kerberos authentication."that's not true.i am running BDC successfully in an NTLM environment...using Single Sign-On.
February 12th, 2008 8:34pm
Good for you but please note in my statement that "Some" LOB Applications will require Kerberos Authentication. Sorry but this is a true statement.
Free Windows Admin Tool Kit Click here and download it now
February 13th, 2008 2:31am
To NETDEV: Can you point me to a post which confirms RSS with NTLM in MOSS 2007? I haven't come across any after searching a lot, but maybe I'm missing something?
March 24th, 2009 3:15pm
hi,it is pleasure to get your help. when i open office sharepointsearchfunction in ths central administration v3,i can't open the setting page,searchserviceinstancesettings.aspx.after then, i use stsadm command start the search function in the console.but in the event view equipment Microsoft.Office.Server.Search.Administration.SearchServiceInstanceHTTP 401 Unauthorizedwhy?thank you for your reply!!
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2009 10:45am
what about excel services reading from analysis services? only kerberos works?
thx
Gabriel
July 13th, 2010 12:13pm