Kerberos Not Set Up On Server

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2005 » SQL Server 2005 Security » Kerberos Not Set Up On Server

Kerberos Not Set Up On Server

Rate Topic

Display Mode

Topic Options

Author

Message

FREDERICK

Posted Tuesday, February 05, 2013 10:07 AM

Forum Newbie

Group: General Forum Members
Last Login: Saturday, February 09, 2013 12:21 PM
Points: 4, Visits: 24

Hello

Another party set up the Server and Databases.

First the Server was set up
Windows Server 2008 SP1

Then the Databases were set up
SQL Server 2008 along the reporting Services
Server Authentication - SQL Server and Windows Authentication

Now I go to use Reporting Services with Integrated Windows Authentication and find Kerberos was never set up.
So I ran this to check the Kerberos
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid

And I got
NTLM

SO my question is:

If I set Kerberos now, will this cause any issues?

Thanks

FRED

Post #1415972

FREDERICK

Posted Tuesday, February 05, 2013 10:08 AM

Forum Newbie

Group: General Forum Members
Last Login: Saturday, February 09, 2013 12:21 PM
Points: 4, Visits: 24

Additional info;
I want to use Windows integrated security such that each user who accesses the reports must have a valid Windows local or domain user account or be a member of a Windows local or domain group account.

Post #1415974

opc.three

Posted Tuesday, February 05, 2013 5:31 PM

SSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 8:26 AM
Points: 6,737, Visits: 11,791

FREDERICK (2/5/2013)

Connecting to a local instance is always done using NTLM, i.e. when on the server where SQL Server resides and connecting to a local instance.

Setting up your SPNs such that remote clients authenticate using Kerberos instead of NTLM is transparent to the database operations within SQL Server and should not cause you any trouble.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy

Post #1416175

Joie Andrew

Posted Wednesday, February 06, 2013 5:58 AM

Mr or Mrs. 500

Group: General Forum Members
Last Login: Yesterday @ 5:04 PM
Points: 555, Visits: 1,036

If I set Kerberos now, will this cause any issues?

No, but there are a few things to note with Kerberos:
- If you have service accounts other than local system (and possibly network service) the SPNs will have to be registered against those accounts
- SPNs will have to be setup for both SQL and SSRS if you want Windows Integrated Security to work for SSRS
- The SSRS service account will need to be able to delegate Kerberos authentication to the SQL service running under the SQL Server service account

This white paper goes step-by-step how to go through setting it up:
Configuring Kerberos Authentication in a Reporting Services Environment

Joie Andrew
"Since 1982"

Post #1416450

« Prev Topic | Next Topic »

Permissions