Re: format of service principal name (SPN)

From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
Date: Fri, 28 Apr 2006 10:20:50 -0400

How exactly are you trying to set them.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

Johnny wrote:

Thanks for the response. Yes this is in reference to Kerberos entities. The SPN allows
us to use the syntax I mentioned but for some reason it does not work with spaces in the servicename part (which accroding to docmumentation can be the distinguished name or ldap name of the service). Delegation of impersonated credentials to a remote server fails because the remote server receives the "anonymous logon" credential.

Thanks for any help

Shakti
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message news:%23anIGyNaGHA.3740@xxxxxxxxxxxxxxxxxxxxxxx
SPNs are Kerberos entities and they make use the the Kerberos
canonical name. The distinguished names you mention sound like
Ldap names.

"Johnny" <prem14@xxxxxxx> wrote in message news:%23uSzc4GaGHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
Hello,

We need to set up the service principal name for a service in this format

<class>/<host:port>/<service name>

we provide the distinguished name of the service in question. However we found that this cannot have spaces in them. Surely distinguished names of objects can have spaces in them. Can you suggest a solution to this. If we use object guid what format do we enter that?

Thanks
Shakti

Follow-Ups:
- Re: format of service principal name (SPN)
  - From: johnny

References:
- format of service principal name (SPN)
  - From: Johnny
- Re: format of service principal name (SPN)
  - From: Roger Abell [MVP]
- Re: format of service principal name (SPN)
  - From: Johnny

Prev by Date: Re: AD administrators and domain admins groups
Next by Date: Re: Disabling Interactibg Login for Service Accounts
Previous by thread: Re: format of service principal name (SPN)
Next by thread: Re: format of service principal name (SPN)
Index(es):
- Date
- Thread

Relevant Pages

Re: format of service principal name (SPN)
... Joe Richards Microsoft MVP Windows Server Directory Services ... delegation to the server is not working because the proper user credentials is not being passed. ...
(microsoft.public.windows.server.security)
Re: Should IIS svr NOT be in domain
... I would recommend a standalone unless you have multiple machines that> need to work with each other, if that is the case, then you want to set> up a small domain in the DMZ for all of the machines to utilize. ... > Joe Richards Microsoft MVP Windows Server Directory Services ...
(microsoft.public.windows.server.security)
Re: IP address change on Active Directory Server
... door and note that shoed is not a mispelling of shoo'ed. ... Yeah those errors are most certainly DNS related. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
(microsoft.public.win2000.active_directory)
Re: Debug privileges
... People were often writing them that way to either keep all data in one place or use the superior computing power of the server, security wasn't something they were thinking of. ... Joe Richards Microsoft MVP Windows Server Directory Services ... We are not the vendors of the software but if it is possible for us to create server-side software that limits what can be done from workstations then I assume that can be valuable. ... If the client software has full access to tell the server what to do and the server is just taking any request and doing whatever is requested, yes, you have no security. ...
(microsoft.public.platformsdk.security)
Re: delegation for "Server Operators" on Member Servers
... Joe Richards Microsoft MVP Windows Server Directory Services ... Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/ ... I view "complex" setting ACL for each services with GPO. ...
(microsoft.public.windows.server.active_directory)