Sunday, 13 July 2014

K2 Blackpearl OVERVIEW OF KERBEROS

Kerberos authentication is a type of Integrated Windows Authentication that supports delegation of a user's credentials across multiple servers: a server that has authenticated the user can obtain a Kerberos service ticket on the user's behalf and present it to another server or service. NTLM, the other type of Integrated Windows Authentication, authenticates the user to a single server only, typically the first hop between client and server; the server that receives an NTLM authentication holds nothing it can forward. If the user's credentials are required by a second server, the NTLM "double-hop" problem is introduced. In a single-server environment where all K2 blackpearl components are installed on one server, NTLM can be used. Kerberos authentication is required, however, in a distributed environment where K2 blackpearl components or supporting technologies (such as SharePoint) are installed on different servers on the network. Grant delegation only as far as the deployment needs: unconstrained delegation lets the K2 server impersonate users to any service in the domain, whereas constrained delegation limits it to the SPNs you list.

Note: Users deploying K2 Web Designer workflows to SharePoint need 'Contributor' rights on the SharePoint site collection. The MOSS/WSS Web Application Pool account requires Write access to %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\12\Layouts\Features and %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\12\ISAPI, and must be a local administrator on the server in order to log K2 blackpearl Server errors to the event log.
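The following PowerShell script is an added example for this post, not K2 documentation or product code. It audits the two kinds of prerequisite described above: that the K2 service account can authenticate and delegate with Kerberos (SPNs registered, no duplicates, delegation enabled and not blocked on the account), and that the MOSS/WSS application pool account holds Write on the two 12-hive folders and is a local administrator. The account names (svc_k2, CORP\svc_sp), host name and the two SPNs are hypothetical placeholders; take the SPNs your environment actually needs from the K2 installation guide, since host names and ports are site-specific.

```powershell
# Added example (not K2's own code). Assumes RSAT's ActiveDirectory module and a
# domain-joined server; account names and SPNs below are hypothetical placeholders.
Import-Module ActiveDirectory

function Test-KerberosDelegation {
    param(
        [Parameter(Mandatory)][string]$Account,       # sAMAccountName, e.g. svc_k2
        [Parameter(Mandatory)][string[]]$RequiredSpn  # SPNs from the K2 installation guide
    )
    $props = 'servicePrincipalName', 'TrustedForDelegation', 'TrustedToAuthForDelegation',
             'msDS-AllowedToDelegateTo', 'AccountNotDelegated'
    $u  = Get-ADUser -Identity $Account -Properties $props
    $ok = $true

    # Without an SPN for the service, clients cannot request a ticket for it and fall
    # back to NTLM, which then fails on the second hop.
    foreach ($spn in $RequiredSpn) {
        if ($u.servicePrincipalName -notcontains $spn) {
            Write-Warning "$Account lacks SPN '$spn' (clients will fall back to NTLM)"
            $ok = $false
        }
    }

    # An SPN registered on two accounts is as bad as none: the KDC cannot pick a key.
    $dupReport = & setspn.exe -X 2>&1 | Out-String
    if ($dupReport -match 'found (\d+) group' -and [int]$Matches[1] -gt 0) {
        Write-Warning "setspn -X reports $($Matches[1]) duplicate SPN group(s); review its output"
        $ok = $false
    }

    # Delegation: the first hop must be allowed to act on the user's behalf.
    if ($u.AccountNotDelegated) {
        Write-Warning "$Account is marked 'sensitive and cannot be delegated'"
        $ok = $false
    }
    $targets = @($u.'msDS-AllowedToDelegateTo')
    if ($targets.Count -gt 0) {
        $mode = if ($u.TrustedToAuthForDelegation) { 'constrained (any protocol)' }
                else { 'constrained (Kerberos only)' }
        Write-Host "$Account delegation: $mode to $($targets -join ', ')"
    } elseif ($u.TrustedForDelegation) {
        # Works, but lets the K2 server impersonate users to any service in the domain.
        Write-Warning "$Account uses unconstrained delegation; prefer constraining it to the downstream SPNs"
    } else {
        Write-Warning "$Account is not trusted for delegation; the second hop will fail"
        $ok = $false
    }
    return $ok
}

function Test-SharePointPoolPrerequisites {
    param([Parameter(Mandatory)][string]$AppPoolAccount)   # DOMAIN\account form
    $hive  = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12'
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    $ok    = $true
    foreach ($folder in @('Layouts\Features', 'ISAPI')) {
        $path = Join-Path $hive $folder
        # Only direct Allow ACEs for the account are checked; rights it holds through a
        # group membership (for example WSS_WPG) are not resolved here.
        $ace = (Get-Acl -Path $path).Access | Where-Object {
            $_.IdentityReference.Value -eq $AppPoolAccount -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band $write) -eq $write)
        }
        if (-not $ace) {
            Write-Warning "$AppPoolAccount has no direct Write ACE on $path"
            $ok = $false
        }
    }
    # Local Administrators membership is what the text requires for event-log writes.
    $members = (& net.exe localgroup Administrators) | ForEach-Object { $_.Trim() }
    if ($members -notcontains $AppPoolAccount) {
        Write-Warning "$AppPoolAccount is not a member of the local Administrators group"
        $ok = $false
    }
    return $ok
}

# Hypothetical values for a two-server deployment (K2 server plus SharePoint server).
$spns = @('K2Server/k2app01.corp.example:5252', 'K2HostServer/k2app01.corp.example:5555')
$delegationOk = Test-KerberosDelegation -Account 'svc_k2' -RequiredSpn $spns
$sharePointOk = Test-SharePointPoolPrerequisites -AppPoolAccount 'CORP\svc_sp'
"Kerberos ready: $delegationOk; SharePoint prerequisites: $sharePointOk"
```

Run the delegation check from any domain-joined machine as a domain user; run the SharePoint check on the SharePoint web front end itself, since it reads that server's file ACLs and local group. Both functions return a Boolean, so they can be dropped into a deployment checklist and fail the build when either is false.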
Security and Kerberos Authentication with K2 Servers