If I have single SharePoint server with no header (for testing) and my client app only needs to only access the web app with Kerberos configured, I already configured the app pool for that web app with domain user (SPN), do I really need to configure domain users (SPNs) for all services (e.g. SQL server, MOSS admin, farm, etc.) even though they’re all running on the same box configured with Network Service account?
The reason I asked because if I use fiddler to monitor the HTTP traffic, I see it negotiate to get Kerberos ticket i.e. I assume everything works? Auth format: No Proxy-Authorization Header is present. Authorization Header (Negotiate) appears to contain a Kerberos ticket: Raw format: Authorization: Negotiate YIIFoAYGKwYBBQUCoIIFlDCCB…
Thanks in advance, Frank