質問

I have to configure Kerberos for PerformancePoint and I have one farm account for all services in test farm. I need add delagtion for Performance Account.

Can I use Farm account to set spn as below for PerformancePoint and add delegation to SQL account?

setspn -s SP\PPS Domain\Farm account

If any other services won't have problem with it?

役に立ちましたか?

解決

From the technical point of view you can use this one account for this purpose. From a best practice I would not recommend it. Enabling delegation is always a securitry threat.

Please check out this Microsoft KB article for all the needed details:

http://support2.microsoft.com/kb/2723073

From reading your questions I get the impression you are missing some pieces. The SPN and the delegation are only one part of the final solution. The service/datasource that will be addressed must be also running on kerberos. For Performance Point Services we are talking about constrained delegation (with protocol transition) so you need to explicitly name each kerberos enabled data source to allow delegation.

Take a look at the KB article and for even more kerberos fun read this MS paper on SP and Kerberos:

http://www.microsoft.com/en-us/download/details.aspx?id=23176

ライセンス: CC-BY-SA帰属
所属していません sharepoint.stackexchange
scroll top