Service Principal Names (SPNs) on Windows

Service Principal Names (SPNs) on Windows

Markus Moeller
When I read lately about setspn on w2k/w2k3 I noticed that the SPN can be
service/host:port
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/name_formats_for_unique_spns.asp)
with a comment that :port can be used to differentiate between multiple
instances of the same service class.
Does anybody know if this is only for non-Kerberos use? If not, how does it
work with Kerberos? Can I have two webservers on the same host listening on
port 80 and 81 with two different SPNs (e.g. HTTP/host and HTTP/host:81)?
I saw the port being used for SPNs in SQL setups too.

Thanks
Markus


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

RE: Service Principal Names (SPNs) on Windows

Jonathan Stephens
It depends on the application requesting the ticket. With the case of
HTTP and IE, the answer is no because IE doesn't append the port number
when building the SPN. YMMV with another browser.

Jonathan Stephens, MCSE MCSA
Microsoft Corporation
Escalation Engineer, Critical Problem Resolution (CPR)
* iNet: [hidden email]
* Wk: 980-776-8053

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On
Behalf Of Markus Moeller
Sent: Saturday, August 06, 2005 2:38 PM
To: [hidden email]
Subject: Service Principal Names (SPNs) on Windows

When I read lately about setspn on w2k/w2k3 I noticed that the SPN can
be service/host:port
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/name_formats_for_unique_spns.asp)
with a comment that :port can be used to differentiate between multiple
instances of the same service class.
Does anybody know if this is only for non-Kerberos use? If not, how does
it work with Kerberos? Can I have two webservers on the same host
listening on port 80 and 81 with two different SPNs (e.g. HTTP/host and
HTTP/host:81)?
I saw the port being used for SPNs in SQL setups too.

Thanks
Markus
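
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how the SPN string the client builds decides which account's key encrypts the service ticket. The host name, the account names and the helper functions are hypothetical, and the SPN directory is constructed sample data.

```python
# Added example: simplified model of SPN lookup. The KDC resolves the exact SPN
# string the client requests; it never sees the TCP port the client connects to.

# Constructed directory data: SPN -> service account (all names hypothetical).
REGISTERED_SPNS = {
    "HTTP/web01.example.com": "svc-web80",
    "HTTP/web01.example.com:81": "svc-web81",
}

def parse_spn(spn):
    """Split serviceclass/host[:port]; the optional third SPN component is not modelled."""
    service_class, slash, rest = spn.partition("/")
    if not slash or not service_class or not rest:
        raise ValueError(f"not a serviceclass/host[:port] SPN: {spn!r}")
    host, colon, port = rest.partition(":")
    if not host or (colon and not port.isdigit()):
        raise ValueError(f"bad host or port in SPN: {spn!r}")
    # Comparison is case-insensitive in this model.
    return service_class.lower(), host.lower(), int(port) if colon else None

def build_spn(url_host, url_port, append_port):
    """SPN a client requests for a URL. append_port=False models the IE
    behaviour described in the reply; True is a hypothetical other client."""
    if append_port and url_port is not None:
        return f"HTTP/{url_host}:{url_port}"
    return f"HTTP/{url_host}"

def ticket_account(requested_spn):
    """Account whose key encrypts the service ticket, or None if no SPN matches."""
    wanted = parse_spn(requested_spn)
    for spn, account in REGISTERED_SPNS.items():
        if parse_spn(spn) == wanted:
            return account
    return None

def can_accept(listener_account, url_host, url_port, append_port):
    """True if the listener's own account key matches the ticket the client got."""
    return ticket_account(build_spn(url_host, url_port, append_port)) == listener_account

if __name__ == "__main__":
    host = "web01.example.com"
    for port, account in ((80, "svc-web80"), (81, "svc-web81")):
        for append in (False, True):
            spn = build_spn(host, port, append)
            ok = can_accept(account, host, port, append)
            print(f"port {port} as {account}: client asks {spn!r} -> accept={ok}")
```

In this model the port-81 listener only receives a ticket it can decrypt when the client includes `:81` in the SPN it requests.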

