Configure SharePoint as Kerberos

During this task you will configure SharePoint as an Access Gateway Kerberos application.

SharePoint applications are configured identically to Kerberos applications. See Add Kerberos application for information on configuring stand-alone Kerberos applications.

Task

Description

Create a containing group
  • Best practice: create an optional group to assign to the application.
Add Access Gateway to Windows DNS
  • Windows must be the DNS provider for Access Gateway. During this task we add appropriate Windows DNS entries for Access Gateway instances.
Create Windows Access Gateway service account
  • Access Gateway requires a set of known Windows credentials, which will be used by the instance to configure the Kerberos service. During this task we create the required service account.
Create keytab
  • Access Gateway requires a keytab to create a Kerberos service. During this task you will create the keytab file and transfer it to a location accessible to Access Gateway.
Add Kerberos service
  • In order to interact with Windows using Kerberos, a Kerberos service is required. In this task, we will use the previously created credentials and keytab to configure a Kerberos service.
Configure Windows Server IIS for constrained delegation
  • Kerberos requires that Windows IIS be configured for constrained delegation. In this task we configure constrained delegation and validate the Kerberos service using a test user.