8

Would there be any situation where you would choose NTLM over Kerberos for a Sharepoint 2010 farm?

The sites will use claims based auth, Internal users & content editors will authenticate against a separate AD (one way trust).

If you need more info please ask and I can provide more information.

Thanks in advance.

redsquare
  • 205
  • 1
  • 3
  • 5

1 Answers1

5

Kerberos is required if you are going to use certain features like SQL Server Reporting Services, Outlook Web Access, Performance Point, etc where the user's request to SharePoint has to be be forwarded to a subsequent system; a process known as "the double hop".

If the system is set for Kerberos it will fall back to NTLM if Kerberos cannot be used.

To answer your question, why would you select NTLM versus Kerberos? I have seen some diabolical issues when the various apps are not setup perfectly. I have seen experienced IT people super stressed out over it. If you don't have somebody qualified to do it, and you don't have the requirements for it, then I would select NTLM.

On a separate note, relevant to your environment, I have recently heard of a documented issue involving Kerberos with Claims Auth, but I have not gotten all of the specifics yet as to the scenario.

Mike Oryszak
  • 11,331
  • 1
  • 24
  • 38
  • @MikeOryszak Thanks for the response, as you say it falls back to ntlm anyway so there seems nothing to lose! I forgot to mention that there is a large possibility of dynamics integration in the future which would lend itself to the kerberos solution – redsquare Oct 01 '10 at 08:03
  • @redsquare - don't forget to mark this as the answer if you are satisfied that this answers the question, by hitting the check (tick) mark. Only the original poster of the question can do this. Thanks. – SPDoctor Nov 15 '11 at 10:40