which country user step here?

Tag Cloud

MOSS (47) SharePoint 2007 (37) SharePoint 2013 (23) SharePoint 2010 (22) MOSS admin (17) admin (17) PowerShell (16) developer (16) List (15) WSS (14) sql query (14) MOSS SP2 (13) end user (11) scripting (11) wss V3 (11) Moss issue (8) search (8) permission (7) sql (7) Service Pack (6) database (6) reportadmin (6) workflow (6) Excel (5) client object model (5) CU (4) Client Code (4) Command (4) Cumulative Updates (4) Patch (4) SharePoint designer (4) stsadm (4) ASP.NET (3) Content Database (3) Groove (3) Host Named Site Collections (HNSC) (3) IIS (3) RBS (3) Tutorial (3) alert (3) batch file (3) codeplex (3) error (3) incomming email (3) restore (3) upload (3) Caching (2) Folder (2) Index (2) Internet (2) News (2) People Picker (2) Share Document (2) View (2) Web Development with ASP.NET (2) add user (2) authentication (2) coding (2) column (2) deploy solution (2) domain (2) download (2) enumsites (2) exam (2) export (2) issue (2) june CU (2) mySites (2) network (2) office 365 (2) orphan site (2) performance (2) profile (2) project server (2) query (2) server admin (2) theme (2) timer job (2) training (2) user porfile (2) web master (2) web.config (2) wsp (2) 70-346 (1) 70-630 (1) AAM (1) Anonymous (1) Approval (1) Cerificate (1) Consultants (1) Content Deployment (1) Content Type (1) DOS (1) Document Library (1) Drive Sapce (1) Excel Services (1) Export to Excel (1) Feature (1) GAC (1) Get-SPContentDatabase (1) Get-WmiObject (1) HTML calculated column (1) ISA2006 (1) IT Knowledge (1) ITIL (1) Install (1) Link (1) MCTS (1) Macro (1) Migration (1) My Site Cleanup Job (1) My Sites (1) NLBS (1) Nintex (1) Office (1) Open with Explorer (1) ROIScan.vbs (1) Reporting Services (1) SPDisposeCheck.exe (1) SQL Instance name (1) SSRS (1) SharePoint farm (1) Shared Services Administration (1) Site Collection Owner (1) Site template (1) Steelhead (1) URLSCAN (1) VLOOKUP (1) WSS SP2 (1) XCOPY (1) admi (1) app (1) application pool (1) aspx (1) audit (1) availabilty (1) backup (1) binding (1) blob (1) branding sharepoint (1) cache (1) calendar (1) connection (1) copy file (1) counter (1) crawl (1) custom list (1) event (1) excel 2013 (1) facebook (1) filter (1) fun (1) group (1) iis log (1) import (1) import list (1) improment (1) interview (1) keberos (1) load balance (1) log in (1) metada (1) migrate (1) mossrap (1) onedrive for business (1) operation (1) process (1) publishing feature (1) resource (1) security (1) send email (1) size (1) sps2003 (1) sql201 (1) sql2012 (1) sub sites (1) system (1) table (1) task list (1) today date (1) vbs (1) video (1) web part (1) widget (1) windows 2008 (1) windows 2012 R2 (1) windows Azura (1) windows account (1) windows2012 (1) wmi (1)

Sunday, February 26, 2012

Kerberos protocol diagram

Finally going to start setup Sharepoint2010 Open-mouthed smile, need to refresh some memory about kerberos. just share the diagram for basic understand.

Bb742516.kerb01_big(l=en-us)

information copy from Microsoft:

Typically there are three main reasons to use the Kerberos protocol:

1. Delegation of client credentials — The Kerberos protocol allows a client's identity to be impersonated by a service to allow the impersonating service to pass that identity to other network services on the client's behalf. NTLM does not allow this delegation. (This limitation NTLM is called the "double-hop rule"). Claims authentication, like Kerberos authentication, can be used to delegate client credentials but requires the back-end application to be claims-aware.

2. Security — Features such as AES encryption, mutual authentication, support for data integrity and data privacy, just to name a few, make the Kerberos protocol more secure than its NTLM counterpart.

3. Potentially better performance — Kerberos authentication requires less traffic to the domain controllers compared with NTLM (depending on PAC verification, see Microsoft Open Specification Support Team Blog: Understanding Microsoft Kerberos PAC Validation). If PAC verification is disabled or not needed, the service that authenticates the client does not have to make an RPC call to the DC (see: You experience a delay in the user-authentication process when you run a high-volume server program on a domain member in Windows 2000 or Windows Server 2003). Kerberos authentication also requires less traffic between client and server compared with NTLM. Clients can authenticate with web servers in two request/responses vs. the typical three-leg handshake with NTLM. However, this improvement is typically not noticed on low latency networks on a per-transaction basis, but can typically be noticed in overall system throughput. Remember that many environmental factors can affect authentication performance; therefore Kerberos authentication and NTLM should be performance-tested in your own environment before you determine whether one method performs better than the other.

This is an incomplete list of the advantages of using the Kerberos protocol. There are other reasons like mutual authentication, cross platform interoperability, and transitive cross domain trust, to name a few. However, in most cases one typically finds delegation and security to be the primary drivers in adoption of the Kerberos protocol.

1 comment:

SharePoint Engine said...

Sharepoint Staffing has large applicability and importance when the question is to operate any organization's pooling resources and various tasks.Staffing is essential for working with this software that is accessible in large quantity in this industry.
More...

Sharepoint Staffing