Here is what I had to do to use Kerberos as the authentication method:

1. Service Principal Name (SPN) Registration 

A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service.
For Kerberos authentication to work, we have to register the required SPNs for MOSS, SQL Server and SQL Server Analysis Services.
Logged in as a Domain Administrator, run the following from the command prompt:

For MOSS:
setspn.exe -A HTTP/FQDN domain\MOSS_ApplicationPoolAccount
setspn.exe -A HTTP/url domain\MOSS_ApplicationPoolAccount

For SSP:
setspn.exe -A HTTP/FQDN_for_SSP:portNum domain\SSP_ApplicationPoolAccount
setspn.exe -A HTTP/url_for_SSP:portNum domain\SSP_ApplicationPoolAccount

For Central Administration:
setspn.exe -A HTTP/FQDN_for_CentralAdmin:portNum domain\MOSS_AdminAccount
setspn.exe -A HTTP/url_for_CentralAdmin:portNum domain\MOSS_AdminAccount

For SQL Server:
setspn.exe -A MSSQLSvc/FQDN_for_SQLServer:[1433 | instance name] domain\SQLServerAccount
setspn.exe -A MSSQLSvc/url_for_SQLServer:[1433 | instance name] domain\SQLServerAccount

For SQL Server Analysis Services (OLAP):
setspn.exe -A MSOLAPSvc.3/FQDN_for_SQLServer domain\OLAP_Account
setspn.exe -A MSOLAPSvc.3/url_for_SQLServer domain\OLAP_Account

2. Enable Delegation for Servers (MOSS and SQL Server) and Accounts 

After registering the SPNs as outlined above, the next step is to ensure that the MOSS servers, SQL Server and accounts are trusted for delegation.
Logged in as a Domain Administrator:
Go to the Delegation tab for the Server, and select "Trust this computer for delegation to any service (Kerberos only)".
Go to the Delegation tab for the Service account, and select "Trust this user for delegation to any service (Kerberos only)".

3. Modify SSP to use Kerberos authentication

Logged in as a Domain Administrator, run the following from the command prompt:
cd /d "%ProgramFiles%\Common Files\Microsoft Shared\web server extensions\12\BIN"
stsadm -o setsharedwebserviceauthn -negotiate
iisreset /noforce

4. Modify Excel Services to use Kerberos authentication

Logged in as a Domain Administrator, run the following from the command prompt:
cd /d "%ProgramFiles%\Common Files\Microsoft Shared\web server extensions\12\BIN"
stsadm -o set-ecssecurity -ssp "Shared Services Provider Name" -accessmodel delegation
stsadm -o execadmsvcjobs

5. Change default authentication mode to Kerberos

Go to Central Administration -> Application Management -> Authentication Providers
Click on “Default”
Change from NTLM to Negotiate (Kerberos)

And that should be it.
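
A check for step 1, as an added example that is not part of the original post: it parses the output of setspn -L collected for each service account and reports any SPN registered on more than one account (such an SPN cannot be resolved to a single account, so Kerberos authentication for that service fails), as well as expected SPNs that are missing. The account names, hosts and sample listing are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: concatenated `setspn -L <account>` output for two
# hypothetical service accounts (names and hosts are made up).
SAMPLE = """\
Registered ServicePrincipalNames for CN=svc-mossapp,OU=Service,DC=example,DC=com:
    HTTP/portal.example.com
    HTTP/portal
Registered ServicePrincipalNames for CN=svc-ssp,OU=Service,DC=example,DC=com:
    HTTP/ssp.example.com:8080
    http/PORTAL.example.com
    MSSQLSvc/sql01.example.com:1433
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (.+):\s*$")
# Only the class/host[:port-or-instance] shape used in the steps above.
TWO_PART = re.compile(r"^[^/\s]+/[^/\s:]+(:[^/\s]+)?$")

def parse_setspn_listing(text):
    """Return {account DN: [SPN, ...]} from concatenated `setspn -L` output."""
    accounts, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            accounts.setdefault(current, [])
        elif line.strip() and current is not None:
            accounts[current].append(line.strip())
    return accounts

def audit(accounts, expected=()):
    """Report duplicate, oddly shaped and missing SPNs (case-insensitive)."""
    owners, odd = defaultdict(set), []
    for account, spns in accounts.items():
        for spn in spns:
            owners[spn.lower()].add(account)
            if not TWO_PART.match(spn):
                odd.append(spn)
    duplicates = {s: sorted(a) for s, a in owners.items() if len(a) > 1}
    missing = [s for s in expected if s.lower() not in owners]
    return {"duplicates": duplicates, "unexpected_shape": odd, "missing": missing}

if __name__ == "__main__":
    report = audit(parse_setspn_listing(SAMPLE),
                   expected=["HTTP/portal", "MSOLAPSvc.3/sql01.example.com"])
    for kind, items in report.items():
        print(kind, items)
```

A duplicate is resolved by removing the SPN from the wrong account with setspn -D before retesting.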
