What is the correct format for specifying SPN?

First, the service principal name is registered for the user with the setspn command.

setspn -a CS/dummy@abc.com dummyuser

setspn -l dummyuser

gives the result as

CS/dummy@abc.com

Then, when the ktpass command is executed with the /mapUser switch, the service principal name of the user account changes so that the domain component is dropped.

ktpass /pass Password@123 -out dummy.1.keytab -princ CS/dummy@abc.com -crypto DES-CBC-MD5 +DumpSalt -ptype KRB5_NT_PRINCIPAL +desOnly /mapOp set /mapUser dummyuser

setspn -l dummyuser

gives the result as

CS/dummy

Do both of the following commands work correctly and work the same?

setspn -a CS/dummy dummyuser

setspn -a CS/dummy@abc.com dummyuser

SPN ? ?

+4
1

, , Windows Active Directory? , "ktpass", , Windows. , , Active Directory - abc.com, Kerberos - ABC.COM.

  • keytab, SPN (, Kerberos), SPN , SPNs.
  • Kerberos keytab. , . SSB Kerberos . Kerberos "/mapUser". , .
  • , DES. . , , .
  • "setspn -a" SPN , "setspn -s", "-s" SPN, "-a" - (. "setspn -s" vs. "setspn -a" ).
  • , - SPN (.. dummy.abc.com, ). , NTLM Kerberos, .
  • , DNS Kerberos, Kerberos DNS ( /etc/krb5.conf, UNIX/Linux Windows , C:\Windows\krb5.ini, ), Kerberos SPN "setspn -a" "setspn -s", Kerberos.

, , , , :

setspn -a CS/dummy dummyuser

:

setspn -s CS/dummy.abc.com dummyuser

keytab, DES, .

ktpass +rndPass -out dummy.1.keytab -princ CS/dummy.abc.com@ABC.COM -crypto DES-CBC-MD5 +DumpSalt -ptype KRB5_NT_PRINCIPAL +desOnly /mapOp set /mapUser dummyuser@ABC.COM
+2
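
As an added example (not part of the original post and not Microsoft tooling), a small Python checker for the two string forms that appear in the commands above: the setspn value, which carries no realm, and the ktpass -princ value, which appends the upper-case realm. The function names and finding codes are hypothetical; it assumes the Kerberos realm is the AD DNS domain in upper case (abc.com / ABC.COM here) and treats a short host name as a finding because the answer's final commands use the fully qualified dummy.abc.com.

```python
import re

# SPN as stored in servicePrincipalName: serviceclass/host[:port][/servicename],
# with no Kerberos realm attached and no embedded whitespace.
SPN_RE = re.compile(
    r"^(?P<svc>[^/@:\s]+)/(?P<host>[^/@:\s]+)"
    r"(?::(?P<port>\d+))?(?:/(?P<name>[^@\s]+))?$"
)

# Hypothetical finding codes used only by this example.
MESSAGES = {
    "realm-suffix": "'@realm' belongs in the ktpass -princ value, not in the setspn value",
    "bad-format": "expected serviceclass/host[:port][/servicename] with no spaces",
    "short-host": "host is not fully qualified",
}


def check_setspn_value(value):
    """Return finding codes for a string about to be passed to setspn."""
    findings = []
    spn, at, _realm = value.partition("@")
    if at:
        findings.append("realm-suffix")
    match = SPN_RE.match(spn)
    if match is None:
        findings.append("bad-format")
        return findings
    if "." not in match.group("host"):
        findings.append("short-host")
    return findings


def ktpass_principal(spn, realm):
    """Build the ktpass -princ value: a clean SPN plus the upper-case realm."""
    if check_setspn_value(spn):
        raise ValueError("fix the SPN before building the principal: %r" % spn)
    return "%s@%s" % (spn, realm.upper())


if __name__ == "__main__":
    # Candidate values taken from the question and answer on this page.
    for candidate in ("CS/dummy@abc.com", "CS/dummy", "CS/dummy.abc.com"):
        codes = check_setspn_value(candidate)
        print(candidate, "->", [MESSAGES[c] for c in codes] or "ok")
    print(ktpass_principal("CS/dummy.abc.com", "abc.com"))
```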
