John W. Sopko Jr. wrote: > Without more information I would > only be speculating on how Microsoft intends one to use the "setspn" > command. Having multiple service principles attached to a single account > name is confusing.
Nothing to do with AFS, but "setspn" is useful even in a strictly Windows environment. I use it regularly in a couple of situations: - to allow kerberos authentication to work when accessing some services via a DNS alias. In this case you attach a SPN for each alias to the server's account. - to allow kerberos authentication to work with IIS when the associated pool is run with an account other than the standard local accounts (ex. Network Service). In this case SPNs for each server and any aliases are attached to the user account that runs the IIS pool. Marc _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
