Microsoft Office Tutorials and References
In Depth Information
In the Configure Security Settings portion of the page are the options for what IIS will
use as the authentication provider for Windows Integrated Authentication, either NTLM
or Kerberos. Although Kerberos is more secure, it takes more configuration to get to
work correctly, and there are network time and realm considerations. Further, search
tools (particularly the index account) sometimes have issues trying to access sites with
Kerberos authentication (especially those with custom ports).
11. So for this example, since NTLM works perfectly fine for most intranet situations,
especially when just using Central Administration, my choice at this point is NTLM. See
Figure 3.12 to see my settings.
WHEN MORE INFORMATION IS NOT THAT INFORMATIVE
You might be curious about using Kerberos and try the Show Me More Information link in the
Configuration Security Settings area. It will take you to a page for general information about
Kerberos overall, with nothing specifically helpful about configuring Kerberos for SharePoint.
To learn more about using Kerberos as your authentication method w ith SharePoint, go to
KnowledgeBase article 832769. With this version of SharePoint, you no longer have to run the script
the document refers to initially, but you do have to complete the Configure A Service Principal
Name For The Domain User Account and Configure Trust For Delegation For Web Parts To Access
Remote Resources sections. Enabling Kerberos is also covered in Chapter 16, “Advanced Installation
By the way, if you want to change your Central Administration site port number after this
process is complete, you will have to rerun the SharePoint configuration wizard, disable the
Central Administration site, and then reenable the site to specify a new port. Just changing
it in IIS will not let the configuration database for the farm know it has been changed.