
format of service principal name (SPN)

microsoft.public.windows.server.security
Posted by Johnny on April 25, 2006, 9:42 am
Hello,

We need to set up the service principal name for a service in this format

<class>/<host:port>/<service name>

We provide the distinguished name of the service in question. However, we
found that this cannot have spaces in it. Surely distinguished names of
objects can have spaces in them. Can you suggest a solution to this? If we
use the object GUID, what format do we enter it in?

Thanks
Shakti



Posted by Roger Abell [MVP] on April 25, 2006, 10:52 pm
SPNs are Kerberos entities and they make use of the Kerberos
canonical name. The distinguished names you mention sound like
LDAP names.




Posted by Johnny on April 26, 2006, 5:41 am
Thanks for the response. Yes, this is in reference to Kerberos entities. The
SPN allows us to use the syntax I mentioned, but for some reason it does not
work with spaces in the servicename part (which according to documentation can
be the distinguished name or LDAP name of the service). Delegation of
impersonated credentials to a remote server fails because the remote server
receives the "anonymous logon" credential.

Thanks for any help

Shakti



Posted by Joe Richards [MVP] on April 28, 2006, 10:20 am
How exactly are you trying to set them?

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm




Posted by johnny on April 28, 2006, 5:06 pm
The application registers the SPN by calling DsGetSpn followed by
DsWriteAccountSpn. We have also tried setting it with ADSI Edit.

Shakti

