Overview
When Kerberos authentication requires a "Double Hop" of credentials, Delegation must be configured on the network.
Definitions
Kerberos
Kerberos is a network authentication protocol which allows computers on a network to communicate with each other in a secure manner.
Single Hop
Before we define "Double Hop", let's look at a simple example of "Single Hop".
When a user contacts a server on a network, that user provides their authentication information.
This is a one-step process and requires no special setup.
Double Hop
If, however, that network server must then access other servers on the network AND the user's credentials must be authenticated on those other servers, this is a "Double Hop" situation.
Essentially, the network must be configured to give the various systems permission to reuse the user's credentials to access resources hosted on a different server than the original server that was contacted by the user.
The configuration that grants this permission is referred to as "Kerberos Delegation".
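One way to check which accounts have been granted this permission, as an added example (not Jet Global's code): the PowerShell function below classifies each account's delegation setting from its userAccountControl flags and its msDS-AllowedToDelegateTo attribute. The function name Get-DelegationType is hypothetical, and the sample accounts and example.test names are constructed.

```powershell
# userAccountControl bits documented by Microsoft for Active Directory accounts.
$TRUSTED_FOR_DELEGATION         = 0x80000    # unconstrained: may delegate to any service
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained, with protocol transition

function Get-DelegationType {   # hypothetical helper name, not a built-in cmdlet
    param([Parameter(Mandatory, ValueFromPipeline)] $Account)
    process {
        $uac     = [int]$Account.userAccountControl
        # SPNs this account may present the user's identity to (the "second hop").
        $targets = @($Account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

        $type = if ($uac -band $TRUSTED_FOR_DELEGATION) {
            'Unconstrained'
        } elseif ($targets.Count -gt 0 -and ($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION)) {
            'Constrained (any authentication protocol)'
        } elseif ($targets.Count -gt 0) {
            'Constrained (Kerberos only)'
        } else {
            'None'
        }

        [pscustomobject]@{
            Name            = $Account.Name
            Delegation      = $type
            AllowedServices = $targets -join ', '
        }
    }
}

# Constructed sample accounts (not real data); 4096 = computer account, 512 = user account.
$sample = @(
    [pscustomobject]@{ Name = 'WEB01$';     userAccountControl = (4096 -bor 0x80000)
                       'msDS-AllowedToDelegateTo' = @() }
    [pscustomobject]@{ Name = 'svc-report'; userAccountControl = 512
                       'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql01.example.test:1433') }
    [pscustomobject]@{ Name = 'APP01$';     userAccountControl = (4096 -bor 0x1000000)
                       'msDS-AllowedToDelegateTo' = @('HTTP/data01.example.test') }
    [pscustomobject]@{ Name = 'FILE01$';    userAccountControl = 4096
                       'msDS-AllowedToDelegateTo' = @() }
)
$sample | Get-DelegationType | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module from RSAT):
# Get-ADObject -LDAPFilter '(|(userAccountControl:1.2.840.113556.1.4.803:=524288)(msDS-AllowedToDelegateTo=*))' `
#     -Properties userAccountControl, 'msDS-AllowedToDelegateTo' | Get-DelegationType
```

Domain controllers are trusted for unconstrained delegation by default, so expect them in the live output.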
Available Resources
As every network is unique, it would not be possible for Jet Global to provide detailed instructions for setting up Kerberos Delegation in your environment.
To help you to understand and configure Kerberos Delegation, here are just a few Internet references:
About Kerberos Constrained Delegation - MS TechNet
Kerberos Constrained Delegation Overview - MS Docs
How to Configure the Server to be Trusted for Delegation - MS TechNet