Creating a service principal name
This topic describes how to create a service principal name (SPN) for this instance of the Authentication Service.
Use the setspn utility to create an SPN for this instance of the Authentication Service.
The SPN has the following format: <serviceClass>/<instance>
In the format:
- <serviceClass> identifies the general class of service. There are well-known service class names, such as www for a web service or ldap for a directory service.
- <instance> is a string identifying this particular instance of the Authentication Service.
To create an SPN for this instance of the BMC Server Automation Authentication Service
In the following procedure, blauthsvc is used as the <serviceClass> to indicate the Authentication Service.
Run the following command:
setspn -A blauthsvc/<instance> blauthsvc
where <instance> is the instance of the Authentication Service associated with this SPN. For example: app4
The final blauthsvc on the command line refers to the user account you just created for the Authentication Service.
It is a convention to set <instance> to a fully qualified host name, but this is not a requirement. In fact, <instance> does not even have to be associated with a host name. If for some reason you later change your Authentication Server, you can continue to use the same service principal name.
- In a Microsoft Windows Server 2000 environment, modify the User logon name to match the service principal name as follows. (On Windows Server 2003, ktpass does this automatically.)
  - In the Active Directory Users and Computers window, expand the domain name for the Authentication Server so that it shows the Users folder in the left column.
  - Click the Users folder, then double-click the blauthsvc user in the right column.
    The Properties window for that user appears.
  - Click the Account tab.
  - Change User logon name from blauthsvc to the instance identifier you just used with setspn, that is:
    blauthsvc/<instance>
    In this example, you would change it to:
    blauthsvc/app4
  - Click OK.
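
The following PowerShell sketch is an added example, not part of the BMC documentation. It wraps the setspn step above with a duplicate check, because an SPN mapped to more than one account causes Kerberos ticket requests for that service to fail. It assumes PowerShell 2.0 or later on a domain-joined host, rights to modify the blauthsvc account, and the app4 instance from the example; the parameter names are illustrative.

```powershell
# Added example: register blauthsvc/<instance> only if no other account holds it.
param(
    [string]$Instance = 'app4',       # <instance> value used in the example on this page
    [string]$Account  = 'blauthsvc'   # user account created for the Authentication Service
)

$spn = "blauthsvc/$Instance"

# Search the current domain (not the whole forest) for objects that already carry this SPN.
$searcher = [adsisearcher]"(servicePrincipalName=$spn)"
$searcher.PropertiesToLoad.Add('sAMAccountName') | Out-Null
$owners = @($searcher.FindAll() | ForEach-Object { $_.Properties['samaccountname'][0] })

if ($owners.Count -eq 0) {
    # Not registered anywhere yet: create it with the command from the procedure.
    setspn -A $spn $Account
    if ($LASTEXITCODE -ne 0) { throw "setspn failed with exit code $LASTEXITCODE" }
}
elseif ($owners.Count -eq 1 -and $owners[0] -eq $Account) {
    Write-Output "$spn is already registered to $Account"
}
else {
    # The SPN belongs to a different account, or to several accounts.
    throw "$spn is already registered to: $($owners -join ', ')"
}

# List the SPNs now held by the account to confirm the result.
setspn -L $Account
```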