Windows AD authentication

Hi gurus,

Can anyone tell me what “Service Principal Name” means?

thanks
BObjuser


BOBJ_USER (BOB member since 2004-10-26)

An SPN mapping allows a service on a particular server to be associated with an account responsible for the management of the service, thereby permitting mutual Kerberos authentication.

To use mutual Kerberos authentication, the Windows security layer must be able to determine the account that a service is using. With an SPN map defined in Active Directory (AD), the Windows account responsible for the service can be ascertained and used for Kerberos authentication.

This mapping is necessary because many clients will compose an SPN based on the hostname and port the client is connecting to. Many services register SPNs for this reason; for example, Microsoft SQL Server registers an SPN if TCP/IP is enabled to facilitate Kerberos authentication, thereby avoiding the use of NTLM.

See
http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx

http://technet.microsoft.com/en-us/library/cc961723.aspx

:+1:


nicholas (BOB member since 2008-07-31)
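
The lookup described in the answer above, as an added example that is not part of the original posts: a client composes an SPN from the service class, host and port, and the directory maps that SPN to exactly one account. The directory contents, host names and account names are constructed sample data, and the function names are hypothetical.

```python
# Added illustration: a toy model of SPN-to-account lookup. The directory
# contents, host names and account names below are constructed sample data.
from collections import defaultdict

# Constructed stand-in for the servicePrincipalName attribute of AD accounts.
SAMPLE_DIRECTORY = {
    "CORP\\svc-sql": ["MSSQLSvc/db01.corp.example:1433"],
    "CORP\\svc-web": ["HTTP/intranet.corp.example"],
    "CORP\\svc-old": ["HTTP/intranet.corp.example"],  # duplicate registration
}


def compose_spn(service_class, host, port=None):
    """Build the SPN a client derives from what it is connecting to."""
    spn = f"{service_class}/{host}"
    return f"{spn}:{port}" if port is not None else spn


def build_index(directory):
    """Map each SPN (case-insensitively) to the accounts that register it."""
    index = defaultdict(list)
    for account, spns in directory.items():
        for spn in spns:
            index[spn.lower()].append(account)
    return index


def resolve(index, spn):
    """Return (status, accounts) for an SPN lookup.

    'ok'        - exactly one account owns the SPN; a ticket can be issued
    'missing'   - no account owns it; Kerberos cannot be used for the service
    'duplicate' - more than one account owns it; the lookup is ambiguous
    """
    accounts = sorted(index.get(spn.lower(), []))
    if not accounts:
        return "missing", accounts
    if len(accounts) > 1:
        return "duplicate", accounts
    return "ok", accounts


if __name__ == "__main__":
    idx = build_index(SAMPLE_DIRECTORY)
    for args in [("MSSQLSvc", "db01.corp.example", 1433),
                 ("HTTP", "intranet.corp.example"),
                 ("MSSQLSvc", "db02.corp.example", 1433)]:
        spn = compose_spn(*args)
        print(spn, resolve(idx, spn))
```

On a real domain, `setspn -Q <SPN>` performs the equivalent query and `setspn -X` searches for duplicate registrations.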