spnego

Former Member
0 Kudos

What is KPN when configuring spnego?

The name of ADS?

Florin

Accepted Solutions (1)

yonko_yonchev
Active Participant
0 Kudos

Hi Florin,

The KPN of the J2EE Engine is this:

host/<fully_qualified_J2EE Enginehostname>@<DOMAIN_NAME>

After you map the KPN of the J2EE Engine to an ADS user ID with ktpass, you then map Service Principal Names (SPN) for the J2EE Engine KPN. On an ADS you use setspn for this purpose and the SPN is in this form:

http/<fully_qualified_J2EE Enginehostname>@<DOMAIN_NAME>

(note that http denotes the service type)

For further info, see the J2EE Engine documentation here:

http://help.sap.com/saphelp_nw2004s/helpdata/en/43/471720173f5f86e10000000a1553f6/content.htm

Regards,

Yonko

Answers (1)

Former Member
0 Kudos

During your generation of the keytab file on your Windows domain controller, you would have done something like this:

Ktpass -princ host/portal.domain.dom@DOMAIN.DOM -pass <service_user_password> -out <keytab_file_name> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL

ktpass -princ HTTP/portal.domain.dom@DOMAIN.DOM -pass <service_user_password> -out <keytab_file_name> -in <keytab_file_name> -mapUser <service_username> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL

In this case the KPN (Kerberos Principal Name) is HTTP/portal.domain.dom@DOMAIN.DOM

Hope this helps.

See my blog on this topic:
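
Added example, not part of either post above and not SAP or Microsoft code: a small Python check that parses the -princ value of a ktpass command line into service, host and realm, verifies the service/host@REALM shape both answers describe, and reports a DES-only key request. The function names are made up for this example; the sample command is the second one posted above, with its placeholders left as written.

```python
import re
import shlex

# service/host@REALM, the shape both answers give for the KPN and the SPN
PRINCIPAL_RE = re.compile(
    r"^(?P<service>[A-Za-z]+)/(?P<host>[A-Za-z0-9.-]+)@(?P<realm>[A-Za-z0-9.-]+)$")
# DES enctypes are deprecated by RFC 6649; ktpass also accepts AES256-SHA1 and AES128-SHA1
DES_ENCTYPES = {"DES-CBC-MD5", "DES-CBC-CRC"}


def parse_principal(principal):
    """Split a principal into its parts and list any format problems."""
    match = PRINCIPAL_RE.match(principal)
    if not match:
        return None, ["principal is not in service/host@REALM form"]
    parts = match.groupdict()
    problems = []
    if "." not in parts["host"]:
        problems.append("host is not fully qualified")
    if parts["realm"] != parts["realm"].upper():
        problems.append("realm is not upper case")
    return parts, problems


def lint_ktpass(command):
    """Return a list of findings for one ktpass command line."""
    tokens = shlex.split(command)
    opts, i = {}, 1
    while i < len(tokens):
        # Assumption: option names start with -, / or +; values never do.
        key = tokens[i].lstrip("-/+").lower()
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith(("-", "/", "+"))
        opts[key] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    if "princ" not in opts:
        return ["no -princ option found"]
    _, findings = parse_principal(str(opts["princ"]))
    if "desonly" in opts or str(opts.get("crypto", "")).upper() in DES_ENCTYPES:
        findings.append("DES-only key requested: DES enctypes are deprecated by RFC 6649")
    return findings


# Second command from the answer above, placeholders left as posted
POSTED = ("ktpass -princ HTTP/portal.domain.dom@DOMAIN.DOM -pass <service_user_password> "
          "-out <keytab_file_name> -in <keytab_file_name> -mapUser <service_username> "
          "+DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL")

if __name__ == "__main__":
    for finding in lint_ktpass(POSTED):
        print(finding)
```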