on 05-02-2006 9:19 AM
What is KPN when configuring spnego?
The name of ADS?
Florin
Hi Florin,
the KPN of the J2EE Engine is this:
host/<fully_qualified_J2EE Enginehostname>@<DOMAIN_NAME>
after you map the KPN of the J2EE Engine to a ADS user ID with ktpass, you then map Service Principal Names (SPN) for the J2EE Engine KPN. On a ADS you use setspn for this purpose and the SPN is in this:
http/<fully_qualified_J2EE Enginehostname>@<DOMAIN_NAME>
(note that http denotes the service type)
For further info, see the J2EE Engine docu here:
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/471720173f5f86e10000000a1553f6/content.htm
Regards,
Yonko
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
During your generation of the keytab file on your windows domain controller.
You would have done something like this:
Ktpass -princ host/portal.domain.dom@DOMAIN.DOM -pass <service_user_password> -out <keytab_file_name> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL
ktpass -princ HTTP/portal.domain.dom@DOMAIN.DOM -pass <service_user_password> -out <keytab_file_name> -in <keytab_file_name> -mapUser <service_username> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL
In this case the KPN (Kerberos Principal Name) is HTTP/portal.domain.dom@DOMAIN.DOM
Hope this helps.
See my blog on this topic :
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.