Configuration checklist
Here's a quick checklist of the items that need to be in place for KCD to function properly:
On the Active Directory Server:
- AD account representing the NetScaler as a system User that can obtain tickets for other users
- Keytab for this NetScaler User
- Constrained delegation enabled for the NetScaler system account
- List of resources that the end User can delegate to NetScaler for authentication

On the Web Server:
- Kerberos enabled on the site
- Best practice is to have NTLM enabled as fallback

On the NetScaler:
- Authentication on the LB VIP. The server is added on the NetScaler with its domain/hostname – this is very important. The domain controller should also be able to resolve the hostname correctly.
- Authentication vServer with authentication and session/traffic policies
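
A read-only check of the Active Directory items in the checklist above, including name resolution for the delegation targets, as an added example that is not from the original article. It assumes the RSAT ActiveDirectory module is installed and uses a hypothetical account name, svc_nskcd.

```powershell
# Added example, not from the original article.
# 'svc_nskcd' below is a hypothetical account name.
Import-Module ActiveDirectory

function Test-KcdServiceAccount {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $props = 'servicePrincipalName', 'msDS-AllowedToDelegateTo',
             'TrustedForDelegation', 'TrustedToAuthForDelegation'
    $acct = Get-ADUser -Identity $SamAccountName -Properties $props

    # Drop nulls so an unset attribute yields an empty array.
    $spns    = @($acct.servicePrincipalName       | Where-Object { $_ })
    $targets = @($acct.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    $problems = @()
    if (-not $acct.Enabled)         { $problems += 'account is disabled' }
    if ($spns.Count -eq 0)          { $problems += 'no servicePrincipalName registered' }
    if ($targets.Count -eq 0)       { $problems += 'msDS-AllowedToDelegateTo is empty (no constrained delegation targets)' }
    if ($acct.TrustedForDelegation) { $problems += 'unconstrained delegation is enabled; restrict to listed services' }

    # Each delegation target is an SPN such as http/web01.example.local[:port].
    # Run this on a domain controller to confirm it resolves the backend name.
    foreach ($spn in $targets) {
        $fqdn = ($spn -split '/')[1] -replace ':\d+$', ''
        if (-not (Resolve-DnsName -Name $fqdn -ErrorAction SilentlyContinue)) {
            $problems += "cannot resolve '$fqdn' from target SPN '$spn'"
        }
    }

    [pscustomobject]@{
        Account            = $acct.SamAccountName
        SPNs               = $spns
        DelegationTargets  = $targets
        ProtocolTransition = [bool]$acct.TrustedToAuthForDelegation
        Problems           = $problems
        Ready              = ($problems.Count -eq 0)
    }
}

Test-KcdServiceAccount -SamAccountName 'svc_nskcd' | Format-List
```

ProtocolTransition is reported rather than scored, since whether it is needed depends on the deployment option chosen.
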
Kerberos deployment options
There are a couple of choices available for implementing Kerberos:
Impersonation versus Delegation: To impersonate a User in the impersonation scenario, NetScaler needs the credentials...