Kerberos still accepting NTLM Authentication
- Hello all. I recently configured my SP farm to use Kerberos authentication. Everything works as expected and when I log on, I can check the server's event viewer to see that Kerberos is being used. However, I recently wrote a "stress test" application that uses NetworkCredentials to send requests. To my surprise, I can set the authentication type of my request to NTLM as well as Negotiate and it still work. I was under the impression the the NTLM request would be rejected. Does this mean my Kerberos configuration is screwed up? Here's my code block for more clarity.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri.ToString()); System.Net.CredentialCache cache = new CredentialCache(); //using NTLM cache.Add(new Uri(uri.ToString()), "NTLM", new NetworkCredential("spuser", "password", "domain")); req.Credentials = cache; //still works!? req.GetResponse();
Thanks in advance.- Moved byMike Walsh MVPMVP, ModeratorThursday, November 05, 2009 4:12 PMadmin q (From:SharePoint - General Question and Answers and Discussion)
Answers
Hi,
Kerberos authentication to support the following functionality, what is your Kerberos scenario?
· Communication between Office SharePoint Server 2007 and Microsoft SQL Server database software.
· Access to the SharePoint Central Administration Web application.
· Access to other Web applications, including a portal site Web application, a My Site Web application, and an SSP Administration site Web application.
· Access to the shared services for the Office SharePoint Server 2007 Web applications in the Office SharePoint Server 2007 Shared Services Provider (SSP) infrastructure.
Please refer to the following articles to double check whether your steps are correct:
Configure Kerberos authentication (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263449.aspx
Configuring Kerberos for SharePoint 2007: Part 1 - Base Configuration for SharePoint
For more information about troubleshooting Kerberos in a SharePoint environment, please refer to the following article:
Troubleshooting Kerberos in a SharePoint environment (Part 1)
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part1.html
Hope this helps.
Rock Wang
Rock Wang– MSFT- Marked As Answer byRock Wang– MSFTMSFT, ModeratorFriday, November 13, 2009 10:11 AM
All Replies
Hi,
Kerberos authentication to support the following functionality, what is your Kerberos scenario?
· Communication between Office SharePoint Server 2007 and Microsoft SQL Server database software.
· Access to the SharePoint Central Administration Web application.
· Access to other Web applications, including a portal site Web application, a My Site Web application, and an SSP Administration site Web application.
· Access to the shared services for the Office SharePoint Server 2007 Web applications in the Office SharePoint Server 2007 Shared Services Provider (SSP) infrastructure.
Please refer to the following articles to double check whether your steps are correct:
Configure Kerberos authentication (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263449.aspx
Configuring Kerberos for SharePoint 2007: Part 1 - Base Configuration for SharePoint
For more information about troubleshooting Kerberos in a SharePoint environment, please refer to the following article:
Troubleshooting Kerberos in a SharePoint environment (Part 1)
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part1.html
Hope this helps.
Rock Wang
Rock Wang– MSFT- Marked As Answer byRock Wang– MSFTMSFT, ModeratorFriday, November 13, 2009 10:11 AM
