This Article describes how to set Kerberos for your SharePoint Web Application, we consider that the kerberos is correctly confugured on the SQL side: SQL Service run with an Active Directory Account and the associated SPN is configured...

To create and configure web application with kerberos follow these steps:

  1. Create an Active Directory user account to run the IIS application pool.
  2. Set the SPN on this account.
  3. Trust Kerberos delegation on this account.
  4. Grant the rights "Local and Remote Activation" on the application pool account for the following DCOM object: IIS WARMREG ADMIN (for all web front end servers).
  5. Add the application pool account into the User Rights Assignments: "Act as a part of Operating System" (for all web front end servers).
  6. Create the web application with Host Header and select Kerberos for the authentication methods. Run the application pool with the application pool account created before.
  7. Edit the ApplicationHost.Config file on all web front end servers, locate this tag: <local path="name of yoursite">, next locate <windows security...> and modifify this tag as follow: <Windows security=.... UseAppPoolCredentials="TRUE" UseKernelMode="TRUE">
  8. Your are done.