Questions tagged [spn]

A Service Principal Name (SPN) distinguishes a Kerberos-protected service running on an IP host (such as HTTP/foo.bar.com) as a unique entity on a Kerberos-protected network.

A service principal name (SPN) distinguishes a Kerberos-protected service running on an IP host (such as HTTP/foo.bar.com) as a unique entity on a Kerberos-protected network. In the Directory Server, an SPN is used by Kerberos authentication to associate the IP host service instance to a Directory account object. This allows a client application to request that the Kerberized service authenticate an account even if the client does not know the actual account name.

Reference: Service Principal Names (Windows) - MSDN - Microsoft https://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx

84 questions

137

votes

52 answers

The target principal name is incorrect. Cannot generate SSPI context

I am struggling to get a SQL Server connection from machine A to machine B which is running the SQL Server. I have Googled extensively and all the things I have found have not worked. Nor do they lead you step by step through the process of solving…

asked Aug 31 '15 at 11:13

TheEdge

9,291
15
67
135

votes

2 answers

The SQL Server Network Interface library could not deregister the Service Principal Name (SPN)

I've set up a SQL Server service account with permissions to read and write service principal names. When SQL Server starts up I get the expected message in the logs showing that the service account has successfully registered the SPN: The SQL…

sql-server sql-server-2014 kerberos spn

asked May 20 '19 at 09:03

paulH

1,102
16
43

votes

2 answers

I'm having trouble authenticating over AD to windows machines from my ansible host. 'Server not found in Kerberos Database' on Ubuntu 16.10

I'm having trouble authenticating over AD to windows machines from my ansible host. I have a valid kerberos ticket - klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: ansible@SOMEDOMAIN.LOCAL Issued Expires …

authentication active-directory ansible kerberos spn

asked Mar 10 '17 at 16:33

Corey Manshack

votes

1 answer

Kerberos: difference between UPN and SPN

I'm now kerberizing a cross-platform application with GSSAPI. While I'm not clear about the difference between UPN and SPN. The development environment is a Samba4 AD DC server on CentOS 6.4 with a Windows server 2008 R2 a member box in the domain,…

kerberos samba gssapi spn

asked Aug 14 '13 at 14:15

Summer_More_More_Tea

12,740
12
51
83

votes

2 answers

What SPN do I need to set for a net.tcp service?

I have a wcf application hosted in a windows service running a local windows account. Do I need to set an SPN for this account? If so, what's the protocol the SPN needs to be set under? I know how to do this for services over HTTP, but have never…

wcf security spn

asked Sep 02 '08 at 03:41

Esteban Araya

29,284
24
107
141

votes

1 answer

What is the correct format to specify SPN?

First, the Service principal name is registered for a user using setspn command. setspn -a CS/dummy@abc.com dummyuser setspn -l dummyuser gives the output as CS/dummy@abc.com Next, when ktpass command is executed with /mapUser option, the…

kerberos spn keytab

asked Jun 10 '16 at 09:03

Vanathi

votes

2 answers

Setting SPN on endpointaddress for NetNamedPipe service endpoint

I'm getting the "There was no endpoint listening at net.pipe://localhost" error as described in other places but I cannot seem to find a real answer. This is a great identifier of the problem: http://kennyw.com/indigo/102 When using WCF, Windows…

wcf netnamedpipebinding spn

asked Sep 16 '10 at 17:55

webwires

2,572
3
26
44

votes

1 answer

Where do I run the setspn command?

I am trying to add a Service Principal Name with the below command, which I am using for Windows Authentication. setspn –a HTTP/Kerberos.com domain\username I have a site running on IIS Server which is running on windows 2008 server connected to…

kerberos windows-authentication domaincontroller spn

asked Oct 13 '15 at 11:26

Kalpesh

votes

1 answer

expected identity upn connecting to service as network service,

We have a web application, running in an application pool as 'NETWORK SERVICE'. The web application connects to a service (.svc) on another web server. The other web server also has the service hosted as 'NETWORK SERVICE'. I believe this is the…

wcf authentication spn upn

asked May 27 '10 at 12:06

Jim

14,952
15
80
167

votes

1 answer

WCF - Why netTCPBinding works fine with Kerberos authentication without any SPN setting?

In one of our networks we are utilizing the netTCPBinding. The WCF service hosted in windows service that run as a domain account. From the event viewer I can see that my WCF service uses Kerberos authentication. Everything works seamlessly…

wcf security kerberos nettcpbinding spn

asked Feb 05 '10 at 15:33

ablei2000

votes

3 answers

How should I use this SetSPN command when installing SharePoint

In the SharePoint install document I have it says, If you use a domain user account for the SQL Server service account, you must make sure that a valid service principal name (SPN) for that account and instance of SQL Server on their …

sharepoint spn

asked Feb 05 '09 at 05:16

Paul Rowland

8,244
12
55
76

votes

1 answer

Kerberos keytab file contains multiple entries

I am trying to authenticate a user for my service using kerberos. I attached SPN to a user using setspn -s HTTP/ . Then I used ktpass command for the above SPN attached user. But the generated keytab file has multiple entries,…

encryption kerberos spn keytab ktpass

asked Dec 23 '15 at 06:28

user3106657

votes

1 answer

Java/SPNEGO: Unwanted SPN canonicalization?

I'm currently trying to implement a Java client to an SPNEGO protected web service using the SPNEGO library from SourceForge (the server is using the same library). I can not get it to authenticate successfully, my requests always end up as…

java windows kerberos spnego spn

asked Sep 01 '12 at 16:57

themel

8,825
2
32
31

votes

1 answer

What is the use of the pre-auth user in SPNEGO SSO configuration?

I'm using SPNEGO in order to implement SSO solution. During the configuration, I was required to use domain user credentials in 2 steps: In the web.xml of my application: spnego.preauth.username …

single-sign-on kerberos spnego spn

asked Apr 01 '21 at 09:28

oabouzaid

votes

1 answer

How do I register Network Service as an SPN?

I registered a domain account as an HTTP SPN earlier today before realising that it would break my Network Service app pools, so I then deleted those registrations for the domain account. I think I now need to add Network Service back as an SPN to…

iis iis-6 spn

asked Feb 17 '11 at 17:29

anna

2 3 4 5 6 Next