Wednesday, 8 June 2016

Managing SPNs

Posted by: Ashwin Venugopal

A Service Principal Name (SPN) is registered on the account in whose security context a service executes. SPNs support mutual authentication between a client application and a service. SPNs are associated with accounts, and an account can have a different SPN for each service it is used to authenticate and execute.

An SPN looks like this:
<service type>/<instance name>:<port number>/<service name>
http/Server1.domain.com:80/ServiceName

In many cases the instance name and the service name are the same.

The SPN can then be simplified to <service type>/<instance name>:<port number>

To set an SPN on ServiceAccountName, use the following command:
setspn -s http/URL:80 ServiceAccountName
The -s switch checks that the SPN is not already registered (a duplicate) before creating it.
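
The SPN format and the duplicate check described above, as an added Python example that is not part of the original post: it parses an SPN into its parts and reports SPNs registered on more than one account, the condition the -s switch guards against. The account names and sample directory are constructed; comparing case-insensitively and treating the simplified form as equal to the full form are assumptions of this example, not documented setspn behaviour.

```python
import re
from collections import defaultdict

# <service type>/<instance name>[:<port number>][/<service name>]
SPN_RE = re.compile(
    r"^(?P<service_type>[^/:]+)/(?P<instance>[^/:]+)"
    r"(?::(?P<port>\d+))?(?:/(?P<service_name>[^/]+))?$"
)

def parse_spn(spn):
    """Split an SPN into the four parts named in the format above."""
    m = SPN_RE.match(spn.strip())
    if m is None:
        raise ValueError(f"malformed SPN: {spn!r}")
    parts = m.groupdict()
    parts["port"] = int(parts["port"]) if parts["port"] else None
    # Simplified form: a missing service name means "same as instance name".
    parts["service_name"] = parts["service_name"] or parts["instance"]
    return parts

def canonical(spn):
    """Case-insensitive comparison key (an assumption of this example)."""
    p = parse_spn(spn)
    return (p["service_type"].lower(), p["instance"].lower(),
            p["port"], p["service_name"].lower())

def find_duplicates(directory):
    """Return {canonical SPN: [accounts]} for SPNs held by several accounts."""
    owners = defaultdict(set)
    for account, spns in directory.items():
        for spn in spns:
            owners[canonical(spn)].add(account)
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

def can_register(spn, account, directory):
    """Pre-check in the spirit of -s: refuse if another account holds the SPN."""
    key = canonical(spn)
    return not any(key == canonical(s)
                   for other, spns in directory.items() if other != account
                   for s in spns)

# Constructed sample data: account name -> SPNs registered on it.
SAMPLE = {
    "svc-web": ["http/Server1.domain.com:80/ServiceName"],
    "svc-old": ["HTTP/server1.domain.com:80/ServiceName"],
    "svc-app": ["http/Server2.domain.com:80"],
}

if __name__ == "__main__":
    for key, accounts in find_duplicates(SAMPLE).items():
        print("duplicate", key, "on", accounts)
```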

To view a list of SPNs on the earlier URL, use the following command:
setspn -l URL

Thanks for reading.
