The following conditions apply when using Kerberos authentication
with SQL Server:
- The client and server computers must be part of the same
Windows domain, or in trusted domains.
- A Service Principal Name (SPN) must be registered with Active
Directory, which assumes the role of the Key Distribution Center
in a Windows domain. The SPN, after it is registered, maps to the
Windows account that started the SQL Server instance service. If
the SPN registration fails or has not been performed, then the Windows security
layer cannot determine the account associated with the SPN, and
Kerberos authentication will not be used.
Cross-domain SQL Server usage and authentication is outside the
scope of this use case. For more information, see the appendix for
where to go next on that topic.
You can test the authentication method from within SQL Server
Management Studio by running the following query:
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid;
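
The query above reports only the current session. As an added example (not part of the original text), the following goes beyond that single-session check and audits every user connection on the instance, so sessions that did not get Kerberos, for example after a failed SPN registration, are easy to spot. It assumes the login has VIEW SERVER STATE permission, which is needed to see other sessions.

```sql
-- Added example: audit the authentication scheme of all current user
-- connections, not only the session running the query.

-- 1. Summary: how many connections use each scheme per transport.
--    auth_scheme is KERBEROS or NTLM for Windows logins and SQL for
--    SQL Server authentication.
SELECT
    c.auth_scheme,
    c.net_transport,
    COUNT(*) AS connection_count
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
GROUP BY c.auth_scheme, c.net_transport
ORDER BY c.auth_scheme, c.net_transport;

-- 2. Detail: every user connection that did not authenticate with
--    Kerberos, with enough context to trace it back to a client.
--    Connections made on the server itself normally show NTLM, so
--    the rows to investigate are remote clients in the domain.
SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    c.net_transport,
    c.client_net_address,
    c.auth_scheme,
    c.connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
  AND c.auth_scheme <> 'KERBEROS'
ORDER BY c.auth_scheme, s.login_name, c.connect_time;
```

Remote domain clients that appear with NTLM in the second result set are the ones to check against the SPN conditions listed above.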