Tuesday, 20 September 2016

How to Setup Kerberos Correctly

David was in Copenhagen this weekend delivering his Kerberos talk Taming the Beast: Kerberos for the SQL DBA to SQL Saturday Denmark. I have had a quick chat with him via email since he got back and he said he had a great time. The event was very well attended with 280+ attendees and his talk was well attended.

I think David is planning submitting a few sessions to SQL Saturday events in Europe in the next few months so look out for him there and we'll keep you posted as to his whereabouts when schedules get finalised later in the year.

David has pre-recorded his Kerberos talk. You can watch on you tube and I have also embedded it in this post if you want to see what his kerberos talk  covers...


4 comments:

  1. Excellent presentation on how to configure SQL for Kerberos - I never knew it was so easy.

    ReplyDelete
    Replies
    1. I'm glad you found it useful...I'm sure David will be pleased too.

      Delete
  2. Useful presentation. The bit I will add is that using KLIST /purge is not limited to the client machine. When I've configured Kerberos delegation and it's not working yet, I just KLIST /Purge on both servers (can never remember which is the one that actually matters) and it the double-hop authentication springs into life.

    In the past I would have said "give it time" when it wasn't working after being correctly configured. And I still like to setup 24hours before it's needed, to give all the AD servers a chance to replicate. So many times I've come across extraneous SPNs configured, and both services and servers on both ends of the double-hop configured to delegate, as the Admins have opted for the scatter-gun approach when the initial configuration didn't immediately produce results.

    ReplyDelete