0
votes

If I have a single SharePoint server with no header (for testing) and my client app only needs to access the web app with Kerberos configured, and I have already configured the app pool for that web app with a domain user (SPN), do I really need to configure domain users (SPNs) for all services (e.g. SQL Server, MOSS admin, farm, etc.) even though they're all running on the same box configured with the Network Service account?

The reason I asked is that if I use Fiddler to monitor the HTTP traffic, I see it negotiate to get a Kerberos ticket, i.e. I assume everything works?

Auth format:
No Proxy-Authorization Header is present.
Authorization Header (Negotiate) appears to contain a Kerberos ticket:

Raw format:
Authorization: Negotiate YIIFoAYGKwYBBQUCoIIFlDCCB…

Thanks in advance, Frank

1
You might be better on ServerFault for this as it's more of a sysadmin question. - Ryan

1 Answers

0
votes

For "basic" collaboration or portal needs, you only need to configure the SPN for your webapp.

Additional SPNs are only needed if you need to use Business Intelligence functionalities (Excel Services, Reporting Services, ...) or PassThrough authentication (BDC or custom code).
And as you said, you won't need it in a one-box install.
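
Added example (not part of the original question or answer): a Python helper that classifies an `Authorization: Negotiate` value as Kerberos, NTLM fallback, or undetermined, which is the check the question reads off Fiddler. The function names are assumptions of this example, the matching is a byte-level heuristic rather than a full ASN.1 parse, and the sample value is the truncated header quoted in the question.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value)
SPNEGO_OID = bytes.fromhex("06062b0601050502")          # 1.3.6.1.5.5.2
KRB5_OIDS = (bytes.fromhex("06092a864886f712010202"),   # 1.2.840.113554.1.2.2
             bytes.fromhex("06092a864882f712010202"))   # 1.2.840.48018.1.2.2 (legacy Microsoft)
NTLMSSP_SIG = b"NTLMSSP\x00"

def decode_token(header_value):
    """Return the raw bytes of a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        raise ValueError("not a Negotiate header value with a token")
    b64 = b64.strip().rstrip("….")
    # Keep whole 4-character groups so a truncated capture still decodes.
    return base64.b64decode(b64[: len(b64) - len(b64) % 4])

def classify_negotiate(header_value):
    """Heuristically name the mechanism carried in a Negotiate token."""
    tok = decode_token(header_value)
    if tok.startswith(NTLMSSP_SIG):
        return "ntlm"                     # raw NTLM, no Kerberos ticket
    if tok[:1] != b"\x60":                # GSS-API initial token tag
        return "unknown"
    if any(tok.find(oid, 0, 16) != -1 for oid in KRB5_OIDS):
        return "kerberos"                 # bare Kerberos GSS token
    if tok.find(SPNEGO_OID, 0, 16) == -1:
        return "unknown"
    if NTLMSSP_SIG in tok:
        return "spnego/ntlm"              # SPNEGO wrapper around NTLM
    if any(oid in tok for oid in KRB5_OIDS):
        return "spnego/kerberos"
    return "spnego/undetermined"          # capture cut off before the mechanism list

# Header value as quoted (truncated) in the question above.
PAGE_HEADER = "Negotiate YIIFoAYGKwYBBQUCoIIFlDCCB…"

if __name__ == "__main__":
    print(classify_negotiate(PAGE_HEADER))
```

The 18 bytes that survive in the quoted prefix only establish the SPNEGO wrapper; the full header from the capture is needed to see the mechanism list. A result of `ntlm` or `spnego/ntlm` means the client fell back from Kerberos.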