We have a SharePoint site on it's own domain and are debating using Forms Authentication or Active Directory. Really we would like the power of kerberos with the flexibility and transparancy of a forms authentication (like storing the users in sqlserver using sqlmembershipprovider in asp.net). Is there any way to force Active Directory to authenticate against our user store, or can we set up a kerberos authentication server that isn't active directory?
Thanks!
Maybe ADAM might be helpful for your scenario: http://www.microsoft.com/windowsserver2003/adam/default.mspx
The problem with Forms authentication is that it misses some end user GUI controls like: change password, forgot password etc. We implemented it on a project and had to do a lot of coding to achieve good usability for the end users.
You might also want to look into using ISA Server to help you out: http://blogs.msdn.com/jannemattila/archive/2007/07/23/isa-moss-makes-life-a-lot-easier-for-fba.aspx