Does Kerberos authentication present challenges when trying to create backups? If so, how can those issues be addressed?
In most cases, Kerberos authentication does not cause problems for backup and recovery. The major backup vendors design their products in a way that takes Kerberos authentication into account; therefore the backup application does not burden the administrator with any Kerberos-related configuration issues. However, there are exceptions.
Kerberos authentication can occasionally become an issue when Windows systems are being backed up by a backup application that is running on a non-Windows server. For instance, there are Linux-based backup applications that require special Kerberos-related configuration if they are going to back up Windows servers.
There are two main reasons why Kerberos authentication can sometimes be an issue. First, some non-Windows systems include a Kerberos module that doesn't offer quite as much functionality as native Windows-based Kerberos does. This doesn't usually cause any problems as long as the administrator adheres to the system requirements and configures the software correctly.
The other reason why Kerberos can sometimes be problematic for backup and recovery operations has to do with trust. When a Windows Server needs to copy data to or from another Windows Server, the CredSSP protocol is often used. This protocol is certificate-based and doesn't usually require any special configuration. The problem is that CredSSP is only valid over a single hop.
Kerberos offers a higher degree of flexibility for operations that require multiple hops, but Constrained Delegation may need to be enabled. Constrained Delegation allows a Windows Server to perform certain tasks on behalf of another Windows Server, thereby making multi-hop operations possible. Constrained Delegation can be enabled through the Active Directory Users and Computers console by right-clicking on the container representing a target computer and selecting the Properties command from the shortcut menu. The resulting properties sheet contains a Delegation tab that can be used to configure Kerberos delegation.
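The Delegation tab setting can also be applied and checked from PowerShell. The script below is an added example, not part of the original answer: it assumes the ActiveDirectory (RSAT) module is installed, and the computer name BACKUP01, the FILESRV01 service names and the Get-DelegationReport function are hypothetical. It stages the constrained delegation entry with -WhatIf, then reports every computer account that has delegation configured so that any unconstrained entries stand out.

```powershell
# Added example. Host names and SPNs are hypothetical placeholders.
Import-Module ActiveDirectory

$MiddleHop  = 'BACKUP01'                                  # server that delegates (assumed name)
$TargetSpns = @('cifs/FILESRV01.example.com',             # services it may reach (assumed)
                'cifs/FILESRV01')

# Same effect as choosing "Trust this computer for delegation to specified
# services only" on the Delegation tab: list the allowed SPNs on the object.
# -WhatIf only previews the change; remove it to write to the directory.
Set-ADComputer -Identity $MiddleHop `
    -Add @{ 'msDS-AllowedToDelegateTo' = $TargetSpns } -WhatIf

function Get-DelegationReport {
    # Lists computer accounts with any Kerberos delegation configured.
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $props = 'TrustedForDelegation', 'TrustedToAuthForDelegation',
             'msDS-AllowedToDelegateTo', 'PrimaryGroupID'

    Get-ADComputer -Filter * -SearchBase $SearchBase -Properties $props |
        Where-Object { $_.TrustedForDelegation -or $_.'msDS-AllowedToDelegateTo' } |
        ForEach-Object {
            # Classify by the same three choices the Delegation tab offers.
            $mode = if ($_.TrustedForDelegation) { 'Unconstrained' }
                    elseif ($_.TrustedToAuthForDelegation) { 'Constrained (any auth protocol)' }
                    else { 'Constrained (Kerberos only)' }

            [pscustomobject]@{
                Computer           = $_.Name
                Mode               = $mode
                # Primary group 516 is Domain Controllers; DCs are trusted
                # for unconstrained delegation by default.
                IsDomainController = ($_.PrimaryGroupID -eq 516)
                AllowedSpns        = ($_.'msDS-AllowedToDelegateTo' -join '; ')
            }
        }
}

Get-DelegationReport | Sort-Object Mode, Computer | Format-Table -AutoSize -Wrap
```

Any row marked Unconstrained that is not a domain controller is worth reviewing, since that server can act on a user's behalf against any service rather than only the backup targets listed for it.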