We're trying to design a solution to host a SharePoint 2010 BI portal and allow access to external clients.
We currently have a resource forest setup where the SharePoint architecture will be built. This forest does not host user accounts, and we'd like to keep it this way.
The resource forest will contain both the front-end and back-end services. So, we're considering setting up a new forest to host these external users and configuring a 2-way forest trust between the two. Both forests would be at Windows 2008R2 functional level.
The question revolves around Kerberos authentication delegation. We have a need to be able to audit user access down to the SQL database level. Therefore, my question is whether a 2-way forest trust between my resource forest and the user forest would allow for cross-forest Kerberos delegation of client credentials. In other words, will this setup allow us to pass back user credentials to back-end data sources to be able to audit what is being accessed?
Thanks in advance for any replies.