Kerberos Survival Guide

Add resources you find useful, and/or rearrange the ones that are here, for example, by adding new sections



Introductory Information

Kerberos Explained
Exploring Kerberos, the Protocol for Distributed Security
Kerberos for the Busy Admin
What's in a Token
Frequently Asked Questions about Kerberos
Sharing a Secret: How Kerberos Works
Explained: Windows Authentication in ASP.NET 2.0 - an old article that explains Kerberos and NTLM and the differences between them.
Kerberos Wiki Articles
Kerberos: An Authentication Service for Open Network Systems

Technical Articles

Kerberos [MSDN]
Understanding Kerberos Double Hop
Security Developer Resources
Service Principal Names (SPNs)
Windows Ports, Protocols, and System Services
How the Kerberos Version 5 Authentication Protocol Works
Kerberos: The Network Authentication Protocol [MIT]
What Is in a Ticket?
Kerberos documentation for Windows 7, Windows Vista and Windows Server 2008 R2
Kerberos and Load Balancing
Active Directory Replication Over Firewalls
Kerberos Authentication for Load Balanced Web Sites
SCVMM Administrator Console Authentication
Updated requirements for a Windows Server 2008 R2 domain controller certificate from a 3rd party CA
Kerberos Authentication for IIS 7
Kerberos in Multi-Tier Applications - Part 1 - Properly Configuring SPNs
Kerberos errors in network captures
Configure Kerberos Forest Search Order (KFSO) topic on TechNet

Transition Technologies

Configuration / Troubleshooting

Troubleshooting Kerberos Authentication problems – Name resolution issues
Kerberos Authentication problems – Service Principal Name (SPN) issues - Part 1
Kerberos Authentication problems – Service Principal Name (SPN) issues - Part 2
Kerberos Authentication problems – Service Principal Name (SPN) issues - Part 3
Kerberos Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
How to enable Kerberos event logging
Kerberos or NTLM Authentication? How can I easily check which one am I using 
KDC Event ID 26 
How to troubleshoot Kerberos-related issues in IIS
Event ID 11 : Kerberos could not authenticate a principal name because the name was not configured correctly
Authentication requests between nodes in the same failover cluster may be unable to use the Kerberos protocol if the Negotiate SSP is specified in Windows Server 2008 R2
Accessing the FIM Identity Management Portal using a Sensitive Account (cannot be delegated)
Troubleshooting AD Replication error 1908: Could not find the domain controller for this domain
Error message when you use a Windows Server 2003-based domain controller to join a Windows XP-based client computer to a domain: "Not enough storage is available to complete this operation"
Dynamics CRM 4.0 Kerberos Configuration
Dynamics CRM Troubleshooting Kerberos - Part 2 of the above; a good article showing how to use Wireshark, Fiddler, ADSI Edit and Klist.
Event ID 4 — Kerberos Client Configuration

Windows Support for Kerberos

Kerberos for Microsoft BI
FIM 2010: Kerberos Authentication Setup
FIM 2010 R2: Kerberos Authentication Setup
Kerberos Interoperability Step-by-Step Guide for Windows Server 2003
How to Configure the Exchange 2010 RPS URI
How It Works: Automatic Client Approval in Configuration Manager 2007
Enabling Kerberos Authentication for MAPI Clients Connecting to Exchange 2010 SP1
Configure Kerberos Authentication for SharePoint 2010 Products
SharePoint 2010: Configuring Kerberos Authentication
Plan for Kerberos authentication (SharePoint Server 2010)
Updated requirements for a Windows Server 2008 R2 domain controller certificate from a 3rd party CA
Understanding By-Design Behavior of ISA Server 2006: Using Kerberos Authentication for Web Proxy Requests on ISA Server 2006 with NLB
Understanding Kerberos Credential Delegation in Windows 2000 Using the TktView Utility
Configuring Kerberos (SharePoint 2010)
New in SP2: Kerberos Authentication in Load Balanced Scenarios (Forefront TMG)
Kerberos Security Support Provider (Windows Embedded Compact 7)
What's new in Kerberos Authentication (Windows Server 8)
Forefront UAG Troubleshooting: The Application Uses KCD for SSO, but No Claim Type Is Provided
Windows Server 2008 and Windows Server 2008 R2 Support Tools
Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products

Hands On

Deployment Resources

Case Studies

Developer Resources

Registering Kerberos Service Principal Names by Using Http.sys
Service Principal Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5

Tools

Kerbtray - This tool is used to display ticket information for a given computer running the Kerberos protocol.
KList - View and delete the Kerberos tickets granted to the current logon session.
Kerberos PowerShell Module - This module gives access to the Kerberos Ticket cache like klist.exe.
Kerberos Authentication Tester -

  • It shows what authentication method is used in a web request: None, Basic, NTLM or Kerberos
  • It shows the SPN used in case of Kerberos
  • It shows the HTTP status
  • It shows the HTTP Headers of the request.
  • It shows the version of NTLM used (v1 or v2)
  • It has a detailed view with a complete breakdown of the Authorization header. (Yep, went through all the RFCs to dissect the Kerberos and NTLM packages)
  • It shows your current Kerberos tickets and allows you to remove them (like klist.exe)

Videos

Kerberos Authentication Demo
Windows Authentication Deep Dive: What Every Administrator Should Know - Tech·Ed North America 2011
Cracking Open Kerberos: Understanding How Active Directory Knows Who You Are - Mark Minasi
Implementing Kerberos with PerformancePoint Services and Excel Services

Books

E-Book Gallery for Microsoft Technologies
(Includes "Configure Kerberos Authentication for SharePoint 2010 Products". This document covers the concepts of identity in SharePoint 2010 products, how Kerberos authentication plays a critical role in authentication and delegation in business intelligence scenarios, and the situations where Kerberos authentication should be leveraged or may be required in solution designs.)

Blogs

http://blog.kerberos.org/
Ask the Directory Services Team - Kerberos

Forums

Kerberos on stackoverflow
Security for Applications in Microsoft Windows [MSDN]
IIS 5.x & 6.0 - Security [MSDN]
IIS7 - Security [MSDN]

Twitter

Industry and Other Resources

Kerberos on Wikipedia
Kerberos Network Authentication Service
