Kerberos and NTLM same web application

Luiz Gouvea 61 Reputation points
2020-09-28T03:13:19.587+00:00

Good evening, is it possible to have a web application using Kerberos authentication and the extended using NTLM?

Microsoft 365 and Office | SharePoint Server | For business
Microsoft 365 and Office | Office Online Server
{count} votes

2 answers

Sort by: Most helpful
  1. MichaelHan-MSFT 18,126 Reputation points
    2020-09-28T06:03:39.877+00:00

    Hi @Luiz Gouvea ,

    As a workaround, you could extend the web application using Kerberos authentication to another IIS web site. Then for the extended web application, you could choose windows NTLM authentication.

    To extend the web application: go to Central Administration-> Application Management-> Manage web applications, selcect the web application and click extend button in the ribbon. Read here for more: extend-a-claims-based-web-application

    28603-image.png


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. trevorseward 11,711 Reputation points
    2020-09-28T12:58:01.383+00:00

    SharePoint operates with Negotiate; what this means is if Kerberos fails, NTLM is the fallback. NTLM is always required for Internet-based scenarios where the client cannot contact the KDC, hence using Negotiate in IIS rather than just Kerberos.

    As long as you configure the Web App to use Kerberos, you're all set. And of course you should avoid NTLM where ever possible.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.