SharePoint 2010 Products introduce significant improvements in how identity is managed in the platform, as I’ve discussed in recent blog posts: Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products and Configuring extranet access for PerformancePoint Services 2010.
NTLM authentication is an alternative to Kerberos authentication. NTLM is less strong, but in many production and test scenarios, Kerberos authentication is not necessary. In a new article, Configuring a SharePoint Server 2010 farm for business intelligence by using NTLM, we describe how to configure various business intelligence tools to use NTLM authentication. The article also has links to additional resources. The scenarios covered include the following:
In the trusted subsystem, the front-end service authenticates and authorizes the client then authenticates with additional backend services without passing the client identity to the back end system. The Secure Store Service is a frequently used method for authenticating to external sources of data. The diagram below is a sample from the article that shows how the Secure Store Service uses an independent account called the Unattended Service Account, to authenticate with the external system data. For an excellent article specifically on how to configure the Secure Store Service, see Using Secure Store with SQL Server Authentication.
Note: The topology in this example may be more or less complex than your own, but the essential characteristics of the client, SharePoint 2010 Server farm, and external system should remain consistent.