The Central Administration Web Application must use Kerberos as the authentication provider.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-28119 | SHPT-00-000530 | SV-36726r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols using nonce's or challenges (e.g., Transport Layer Security (TLS), WS_Security), and time synchronous or challenge-response one-time authenticators. |
| STIG | Date |
|---|---|
| SharePoint 2010 Security Technical Implementation Guide (STIG) | 2011-12-20 |
Details
| Check Text ( C-37021r1_chk ) |
|---|
| 1. Launch Central Administration. 2. Select Application Management. 3. Select Manage Web Application and choose the Central Administration web application. 4. From the ribbon, select Auth Providers. 5. Verify Negotiate (Kerberos) is selected for each zone. 6. Mark as not a finding if SharePoint is not used to process sensitive (not public releasable) information. 7. Mark as a finding if Kerberos is not enabled for each zone that processes sensitive (not public releasable) information. |
| Fix Text (F-32290r1_fix) |
|---|
| Enable Kerberos on the Central Administration Web Application. 1. Launch Central Administration. 2. Select Application Management. 3. Select Manage Web Application and choose the Central Administration web application. 4. From the ribbon, select Auth Providers. 5. Select the associated zone and enable Negotiate (Kerberos) and save. |