Kerberos is popular security best practice. In this post, I am going to work through how to setup the Kerberos connection for SQL Server.
Windows domain controller setup and have SQL Server on the same domain but in different host.
Domain Controller KDC
Make sure the KDC is running in the DC.
Make sure the FQDN is pintable from client
In my lab case, the FQDN is sgc1.stargate.com , We basically need to use the pingable name for the SPN.
If the pingable name is SGC1 only, than the SPN must to use the SGC1.
If the pinable name is SGC1.stargate.com. the SPN must be use SGC1.stargate.com
If both are pingable, than we have to use the FQDN which is SGC1.stargate.com
Setup TCPIP Port
SQL Server support Kerberos through Share memory, TCPIP and Name Pipe. Since I am going to connect from remotely, I like to set up the static Port Number.
Test kerberos connection
We can use below query to check whether the authentication is kerberos or not.
After make the initial connection, we can check the local ticket for the SPN.