Questions tagged [spn]

A service principal name (SPN) distinguishes a Kerberos-protected service running on an IP host (such as HTTP/foo.bar.com) as a unique entity on a Kerberos-protected network. In the Directory Server, an SPN is used by Kerberos authentication to associate the IP host service instance to a Directory account object. This allows a client application to request that the Kerberized service authenticate an account even if the client does not know the actual account name.

Reference: Service Principal Names (Windows) - MSDN - Microsoft https://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx

84 questions
1
vote
1 answer

Confusion about Kerberos, delegation and SPNs

I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to be working (I'm authenticating fine), but the resulting security context doesn't have the ISC_REQ_DELEGATE flag set. So I'm…
Vilx-
1
vote
0 answers

How Kerberos recognizes SPN entries

Question 1: Is there a way to make setspn.exe take effect without the need to restart the computer? Question 2: I did set the SPN and ran my WCF service on the server. The client connected using Kerberos, then I changed the Identity element at…
ANUBIS
1
vote
1 answer

Kerberos - SPN and keytabs

I have a project that has embedded Jetty with SPNEGO enabled. I would like to be able to run this project locally for development purposes (WITH SPNEGO enabled!). My question is, is the SPN and keytab associated with a particular server at all or…
Cheetah
1
vote
2 answers

Can't invoke setspn from PowerShell

I need to call Setspn.exe from PowerShell, but all attempts fail: setspn; Setspn; invoke-expression "setspn"; start-process setspn; But I can launch cmd, and I can call setspn from the command line.
dr11
1
vote
2 answers

IIS running as service Account with AzMan

I have a requirement to have a website running as a service account for IP reasons. I also want to be able to use AzMan for Auth/Auth of the users. For some reason I can't seem to get these working together. I have set up a sample app to test the…
RhysC
1
vote
0 answers

Kerberos anonymous logon

I'm trying to implement Kerberos authentication in Java to use SharePoint 2010. Already made tons of configuration: SPNs, delegations, permissions, network. Using the org.ietf.jgss implementation of Kerberos. Current state is the following: IE works…
Evgeny
0
votes
1 answer

How to change SharePoint Windows Authentication prompt times for login?

In my environment, my SharePoint 2010 is running on Windows Server 2008 R2 with IIS7. The expected behavior after adding SPNs was that the user was prompted 3 times by default. How to configure the prompt times? Maybe 2 or 5 times?
JohnnyLiao
0
votes
0 answers

Kerberos Authentication with WCF not validating SPN

We have a WCF client and server authenticating with Kerberos Authentication. It is our understanding that during Kerberos authentication, if the server specifies the endpoint’s SPN, it will only accept connections from clients who specify that SPN.…
0
votes
0 answers

Kerberos authentication fails with "Authorization header not set in the request"

I am running a ForgeRock environment with AM running on top of a Tomcat container which resides on RHEL8. My users are coming from AD and they need to authenticate against AM while using Kerberos authentication. To this purpose a tree node was set up…
0
votes
0 answers

What SPNs to set to allow AppPool identity to update AD Contact Info on behalf of user in IIS (Python App)?

I have a mock Active Directory domain CONTOSO. I have a domain-joined web server WEBSERVER1 running IIS 10 and there is a Python Flask app hosted on there. The appPool for that Flask app is set to a service account that I created…
moosearch
0
votes
0 answers

Find all the rights set for a specific SPN within Azure

I'm looking for a way to find all the rights that have been set within Azure for a specific SPN. I'd like to have, either through the GUI/AZ CLI/PowerShell/Graph Explorer, a single result with all the rights set for this SPN. Is it possible? Thanks in…
0
votes
0 answers

Hyper-V Manager error code 0x80090342

Hyper-V Manager can't connect to the server and gives this error. How can I fix it? Thanks. What is the OS? - Win10. Are you connecting locally? - Remote. Do you connect by FQDN? Do you use an account? - Right permissions.
Igop
0
votes
0 answers

Cannot access msmdpump.dll by server name, but can by IP

Summary: We are working to enable http(s) connectivity to our SSAS cubes. I have followed the Microsoft Documentation (link) to set up the msmdpump files and can successfully access them via SSMS and Excel by IP, but when the server name is entered a…
Josh Jay
0
votes
0 answers

List SPNs Script - Write results to file issue

Good morning everyone. I found this script on the InterWebs which works phenomenally. HOWEVER... No matter what I try, and where I put it, I can't seem to get it to write the results to an out-file. What the hell am I doing wrong, and where does the…
0
votes
1 answer

Only on one server: "SQL Server Network Interfaces: The target principal name is incorrect."

(EDIT: I think this is sufficiently different from The target principal name is incorrect. Cannot generate SSPI context to not be a duplicate.) We've got two servers (SQL01 and SQL02) in the same domain. SQL Server on SQL02 can connect to SQL…
RonJohn