To select the appropriate authentication mode for your MOSS Web application configuration, here’s a quick guide to the differences between the available modes.

Trusted Account, Forms Authentication, or Windows Authentication with Trusted Accounts. If you configure the MOSS Web application to use Forms Authentication or Windows Authentication without enabling Kerberos, you must create a domain user account that is authorized to connect to your data source and use stored credentials because the MOSS Web application can’t forward the user’s credentials in this scenario. MOSS still authenticates the user and manages what the user can see and do, but external queries will run in the context of the trusted account.

Windows Authentication. Windows authentication mode works only when you enable Kerberos. When the user connects to the MOSS site, the Web application authenticates the user. When the user requests a report item, the application sends the user’s credentials to the report server to confirm that the user has access to that server. If so, the report server uses the credentials to authorize access to the requested item or operation and allows or denies the request as applicable. If a requested report uses a data source to retrieve data from yet another server, the credentials can be passed to this third server if the data source is configured to use Windows Integrated Security.

Main article: Information Integration: SSRS and MOSS 2007