I just came across Ken Schaefer’s blog, and I found that he has posted a series of excellent posts concerning various aspects of getting Integrated Windows Authentication / Kerberos to work on IIS:
- IIS and Kerberos. Part 1 – What is Kerberos and how does it work?
- IIS and Kerberos. Part 2 – Service Principal Names
- IIS and Kerberos. Part 3 – A simple scenario
- IIS and Kerberos. Part 4 – A simple delegation scenario
- IIS and Kerberos Part 5 – Protocol Transition, Constrained Delegation, S4U2S and S4U2P
- IIS and Kerberos Part 6 – New in IIS 7
- IIS and Kerberos Part 7 – A simple cross Forest scenario
- IIS and Kerberos Part 8 – a simple cross Forest/Domain delegation scenario
- IIS and Kerberos Part 9 – Cross Forest Delegation scenario with UPN suffix routing
Simply a great source of information!