token authentication and SharePoint

We are thinking of setting up a SharePoint solution.
The problem is with authentication on the internet side so that we can allow people to access the SharePoint system from outside of the network.
I realise that SharePoint come with Kerberos built in but I'm not sure this will be enough. As far as I understand it, Kerberos relies on the user knowing a long term key. If someone was to find out the long term key then the security is basically rendered useless?

Discussions have been thrown around about using a 2 stage authentication process such as a token or maybe emailing a key to users.

Any ideas on the pros and cons of this with specific reference to SharePoint or internet portals ?

 

this link may be of some help.

http://technet2.microsoft.com/windo...4a01-42c1-9c28-f3691dc793191033.mspx?mfr=true

 

Its been a while since I did sharepoint development, but you can the different authentication methods that IIS supports (as sharepoint services run on top of IIS), eg Basic, Integrated Windows etc. As well as using Kerberos you can use NTLM, but be aware that NTLM and Kerberos wont work through proxy servers.

Your best bet is to use Client Certificates. This allows you to use SSL and can be used on extranets (through firewalls/proxies), though I have no experience of setting SSL and certificates up for Sharepoint though.

Theres a whole chapter in the Sharepoint Resource kit book and I think a google or search around http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stse10.mspx?mfr=true will help.

 

Thanks - I'll have a look through.
I don't believe SharePoint supports a 2 stage authentication process does it such as utilising tokens - this would have to be self developed ?

Kerberos only authenticates that the user says who they say they are but if they have the username and password to access a SharePoint server externally then I'm ot sure I really understand how this helps...