Does Kerberos authentication present challenges when trying to create backups? If so, how can those issues be addressed?
In most cases, Kerberos authentication does not cause problems for backup and recovery. The major backup vendors design their products in a way that takes Kerberos authentication into account; therefore the backup application does not burden the administrator with any Kerberos-related configuration issues. However, there are exceptions.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Kerberos authentication can occasionally become an issue when Windows systems are being backed up using a backup application that is running on a non-Windows server. For instance, there are Linux-based backup applications that require special configurations (related to Kerberos) if they are going to be backing up Windows servers.
There are two main reasons why Kerberos authentication can sometimes be an issue. First, some non-Windows systems include a Kerberos module that doesn't offer quite as much functionality as native Windows-based Kerberos does. This doesn't usually cause any problems as long as the administrator adheres to the system requirements and configures the software correctly.
The other reason why Kerberos can sometimes be problematic for backup and recovery operations has to do with trust. When a Windows Server needs to copy data to or from another Windows Server, the CredSSP protocol is often used. This protocol is certificate-based and doesn't usually require any special configuration. The problem is that CredSSP is only valid over a single hop.
Kerberos offers a higher degree of flexibility for operations that require multiple hops, but Constrained Delegation may need to be enabled. Constrained Delegation allows a Windows Server to perform certain tasks on behalf of another Windows Server, thereby making multi-hop operations possible. Constrained Delegation can be enabled through the Active Directory Users and Computers console by right clicking on the container representing a target computer, and selecting the Properties command from the shortcut menu. The resulting properties sheet contains a Delegation tab that can be used to configure Kerberos delegation.
Dig Deeper on Backup and recovery software
Related Q&A from Brien Posey
Edge computing is finding its place in the enterprise to handle data growth. IT may use that same advantage to help address problems in a VDI ...continue reading
A ghost image can be used to copy the contents of one server to another for backup, but the process of creating ghost images may not be as simple as ...continue reading
Backup and recovery trends, such as hybrid cloud data protection, are gaining popularity in the IT industry. Are these three major trends part of ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.