Service Principal Names (SPNs) are a must for kerberos
authentication which is a must when using sharepoint, reporting services and sql
server where you access one server that then needs to access another resource,
this is called the double hop. The reason this is a complex problem is that the
second hop has to be done with impersonation/delegation. For this to work there
needs to be a way for the security system to make sure that the service in the
middle is allowed to impersonate you, after all you are not giving the service
your password.
To do this you need to be using kerberos.
The following
is my simple interpretation of how kerberos works and the
easiest way to get it to work....
...