Does Kerberos authentication present challenges when trying to create backups? If so, how can those issues be addressed?
In most cases, Kerberos authentication does not cause problems for backup and recovery. The major backup vendors design their products in a way that takes Kerberos authentication into account; therefore the backup application does not burden the administrator with any Kerberos-related configuration issues. However, there are exceptions.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Kerberos authentication can occasionally become an issue when Windows systems are being backed up using a backup application that is running on a non-Windows server. For instance, there are Linux-based backup applications that require special configurations (related to Kerberos) if they are going to be backing up Windows servers.
There are two main reasons why Kerberos authentication can sometimes be an issue. First, some non-Windows systems include a Kerberos module that doesn't offer quite as much functionality as native Windows-based Kerberos does. This doesn't usually cause any problems as long as the administrator adheres to the system requirements and configures the software correctly.
The other reason why Kerberos can sometimes be problematic for backup and recovery operations has to do with trust. When a Windows Server needs to copy data to or from another Windows Server, the CredSSP protocol is often used. This protocol is certificate-based and doesn't usually require any special configuration. The problem is that CredSSP is only valid over a single hop.
Kerberos offers a higher degree of flexibility for operations that require multiple hops, but Constrained Delegation may need to be enabled. Constrained Delegation allows a Windows Server to perform certain tasks on behalf of another Windows Server, thereby making multi-hop operations possible. Constrained Delegation can be enabled through the Active Directory Users and Computers console by right clicking on the container representing a target computer, and selecting the Properties command from the shortcut menu. The resulting properties sheet contains a Delegation tab that can be used to configure Kerberos delegation.
Dig Deeper on Backup and recovery software
Related Q&A from Brien Posey
Don't let typical cloud backup issues slow down your organization. Stay in front of potential impacts to budget and bandwidth for a solid backup ...continue reading
As apps evolve, the tools IT uses to manage them have to as well. App virtualization in particular has altered management needs by requiring that IT ...continue reading
Expect data protection technologies to veer toward an expansion of recovery capabilities, as organizations need to be able to recover in multiple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.