Service Principal Names (SPNs) on Windows
Jonathan Stephens
jonsteph at microsoft.com
Mon Aug 8 13:00:02 EDT 2005
It depends on the application requesting the ticket. With the case of
HTTP and IE, the answer is no because IE doesn't append the port number
when building the SPN. YMMV with another browser.
Jonathan Stephens, MCSE MCSA
Microsoft Corporation
Escalation Engineer, Critical Problem Resolution (CPR)
* iNet: jonsteph at microsoft.com
* Wk: 980-776-8053
-----Original Message-----
From: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] On
Behalf Of Markus Moeller
Sent: Saturday, August 06, 2005 2:38 PM
To: kerberos at MIT.EDU
Subject: Service Principal Names (SPNs) on Windows
When I read lately about setspn on w2k/w2k3 I noticed that the SPN can
be service/host:port
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/
name_formats_for_unique_spns.asp)
with a comment that :port can be used to differentiate between multiple
instances of the same service class.
Does anybody know if this is only for non-Kerberos use ? If not how does
it work with Kerberos ? Can I have two webservers on the same host
listening on port 80 and 81with two different SPNs (e.g. HTTP/host and
HTTP/host:81) ?
I saw the port being used for SPNs in SQL setups too.
Thanks
Markus
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list