Stack Overflow
Stack Overflow

Questions tagged [spn]

A Service Principal Name (SPN) distinguishes a Kerberos-protected service running on an IP host (such as HTTP/foo.bar.com) as a unique entity on a Kerberos-protected network.

A service principal name (SPN) distinguishes a Kerberos-protected service running on an IP host (such as HTTP/foo.bar.com) as a unique entity on a Kerberos-protected network. In the Directory Server, an SPN is used by Kerberos authentication to associate the IP host service instance to a Directory account object. This allows a client application to request that the Kerberized service authenticate an account even if the client does not know the actual account name.

Reference: Service Principal Names (Windows) - MSDN - Microsoft https://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx

84 questions
2
votes
1 answer

Why my Windows service only establishes connection with database when SQL Server Service runs under Local System account?

My windows service is using integrated authentication and running under Local System account and got the below exception. The target principal name is incorrect. Cannot generate SSPI context. The SQL Server Service is running under domain admin…
Imran Yaseen
  • 543
  • 1
  • 5
  • 20
2
votes
2 answers

Kerberos and multiple SPNs

I managed to setup Kerberos authentication for 1 server and is up and running ok. Now I have a project where I have to add another server to Kerberos configuration as follow: 1) AD server 2) server1 where service is running 3) server2 where same…
novak100
  • 1,259
  • 1
  • 12
  • 20
2
votes
1 answer

Is it possible to configure SPENGO irrespective of fully qualified host name

I have configured SPENGO for WebSphere and current SPENGO is working fine for fully qualified hostname say appserver.robo.com, I want a SPENGO configuration which can work for both appserver.robo.com/productName as well as appserver/productName. Is…
Technogix
  • 77
  • 13
2
votes
1 answer

Set SPN same as UPN with Centrify on Linux

Hi I'm configuring Kerberos with Centrify on a linux environment. I'm much more familiar with Windows. I know with MIT Kerberos in Linux, I can create a new account using the SPN as UPN. Is this the same processes when using Centrify?
LakeMichigan
  • 677
  • 1
  • 7
  • 12
2
votes
0 answers

Kerberos authentication works in IE, not Chrome: 401 error

I've set up my Internet Explorer so that it can pass Active Directory login credentials using Local Intranet settings to Kerberos. As far as I know, Chrome just copies these settings from IE. I am however getting 401 errors when making XHR request…
koruki
  • 57
  • 1
  • 8
2
votes
1 answer

Is the default default SPN for a WCF Client `host/myhostname` or `http/myhostname` and why?

Due to this question the default behavior when no identity is specified is host/myhostname. However this seems not totally true. I have a SOAP WCF Service (it's a Dynamics NAV Webservice but this should not matter for the following since the…
Lux
  • 17,835
  • 5
  • 43
  • 73
2
votes
1 answer

kerberos: how the client knows the service name to request ticket to?

Let's assume that the client wants to authenticate himself to a HTTP proxy. The proxy is configured with kerberos, and has clearly the service name HTTP/proxy.foo.bar set in it's configs. How does the client know which service name to request the…
drookie
  • 179
  • 3
  • 11
2
votes
0 answers

ImpersonationLevel is still Impersonation instead of Delegation even with SPNs and allowing delegation on the machine

ImpersonationLevel on my WindowsIdentity is still Impersonation instead of Delegation even with SPNs and permitting Kerberos delegation on the machine. I have the exact same setup in development, where I also double hop to the development…
Matt
  • 25,943
  • 66
  • 198
  • 303
2
votes
1 answer

Client unable to authenticate when connecting to WCF service

I have a WCF service hosted in a Windows service. The application is an intranet app, and I have programmatically set the bindings on both the service and the client as: NetTcpBinding aBinding = new…
davecoulter
  • 1,806
  • 13
  • 15
1
vote
1 answer

Active Directory Service Principal is giving Invalid value for key 'authentication'

I am trying to execute a SSIS package where source is SQL Server and destination is Azure SQL with authentication "Active Directory Service Principal". ODBC driver is 17.8 and OLEDB driver is 18.5. While executing the SSIS package, it fails for a…
user3934763
  • 23
  • 7
1
vote
1 answer

Does Oauth Authorization Code flow generates a service principal sign in event?

in Oauth Client credentials flow, when application gets an access token after authenticating using the credentials There will be a Service Principal SignIn event. I wanted to know whether there will be a SPN SignIn event for Oauth authorization code…
user14913641
  • 13
  • 2
1
vote
1 answer

Having issues connecting to SQL instance using Windows credentials by computer name but can connect by FQDN

This is my first post here so I do apologize for any formatting issues/inexperience all around. I have a SQL Server with two instances (a default instance and named instance). The SQL Server was initially joined to one domain but had later been…
ahuber
  • 41
  • 1
  • 1
  • 5
1
vote
0 answers

How to handle different servernames with SPN, apache2 on OpenShift, and kerberos SSO auth

I'm trying to create a generic apache2 webserver as an authentication "gateway". Scenario: Someone browses to spn-servername.active-directory.int/secure, apache should try to use kerberos to verify the user (best case with SSO) and redirect him to a…
schumischumi
  • 33
  • 1
  • 6
1
vote
1 answer

Enabling Kerberos for Microsoft SQL Server Reporting Services

I am trying to enable Kerberos for MS SQL Server Reporting Services. I am fairly familiar with Windows security and how it works. However, I am new to Scale Out Deployment and Clustering of Windows Servers. I know I need to add SPNs that direct…
lawlesm
  • 13
  • 1
  • 5
1
vote
1 answer

Azure powershell : find which principal created or modified a given principal

I need to find which principal has modified or created a given principal. We can have the list of modified principals using the Microsoft Graph Api: https://graph.microsoft.com/beta/servicePrincipals/delta I want to find the creator of this…
T.Radius
  • 43
  • 1
  • 7
1
2
3 4 5 6