Summary

The Kerberos protocol is an authentication mechanism that allows delegation. Delegation is required if Web Access or WebLink is running on a different machine than the Laserfiche Server and you want to use Windows authentication. Kerberos is also required for Windows authentication with Web Folders.

More Information

You must register a service principle name (SPN)for the Laserfiche Server service. The Laserfiche Server's service principle name for legacy clients (version 6 and 7) is:

LaserficheServer/FQDN

FQDN represents the fully qualified DNS name of the machine hosting the Laserfiche Server.

The Laserfiche Server's service principle name for version 8 clients is:

HTTP/FQDN

Here, FQDN represents the fully qualified DNS name of the machine hosting Web Access.

Related Links

Please see the following Laserfiche Knowledge Base article for related information on enabling Kerberos authentication with Laserfiche 7:

• 1001045 Enabling Kerberos Support for Windows Authentication.

Please see the following Microsoft Knowledge Base articles for detailed configuration information and troubleshooting procedures:

• http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx
• 907272 Kerberos authentication and troubleshooting delegation issues
• 326985 How to troubleshoot Kerberos-related issues in IIS

You can download setspn.exe as part of the support tools for a Windows operating system. For example:

• http://www.microsoft.com/downloads/details.aspx?FamilyID=96a35011-fd83-419d-939b-9a772ea2df90&DisplayLang=en