Kerberos

To disable Kerberos authentication on IE browser:

1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Advanced tab, click to select the Enable Integrated Windows Authentication uncheck box in the Security section, and then click OK.

It will force IE use NTLM protocol instead Kerberos in case if web site use "Integrated Windows Authentication"

references: http://support.microsoft.com/kb/299838/EN-US/

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8feeaa51-c634-4de3-bfdc-e922d195a45e.mspx?mfr=true

Enabling Kerberos Event Logging on a Specific Computer:

http://support.microsoft.com/kb/262177/EN-US/

Introduction to Kerberos:

http://web.mit.edu/kerberos/www/dialogue.html

http://www.faqs.org/faqs/kerberos-faq/general/index.html

How to set SPN:

http://technet2.microsoft.com/WindowsServer/en/library/2bbd23c5-a01d-49bc-8b1c-6d309767c5e71033.mspx?mfr=true

From description of "List Web part for Microsoft Dynamics CRM"

If using a Network Service or a Local account for the SharePoint Products and Technologies application pool identity, there should only be SPNs for the host headers under the computer account. If using a domain user for the application pool identity, all of the SPNs should be under the domain user’s object.

Kerberos and application pools:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

About local accounts and default services:

http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch07n.mspx