Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience.You will not be able to leave comments.

Creating a service principal name

This topic describes how to create a service principal name (SPN) for this instance of the BMC Server Automation Authentication Service.

Use the setspn utility to create an SPN for this instance of the BMC Server Automation Authentication Service.

The SPN has the following format: <serviceClass>/<instance>

  • <serviceClass> identifies the general class of service. There are well-known service class names, such as www for a web service or ldap for a directory service.  
  • <instance> is a string identifying this particular instance of the BMC Server Automation Authentication Service.

To create a SPN for this instance of the BMC Server Automation Authentication Service

In the following procedure, blauthsvc is used as the <serviceClass> to indicate the BMC Server Automation Authentication Service.

  1. Run the following command:

    setspn -A blauthsvc/<instance> blauthsvc

    <instance> is the instance of the BMC Server Automation Authentication Service that is associated with this SPN. For example: app4 

    The final blauthsvc on the command line refers to the user account you just created for the Authentication Service.
    It is a convention to set <instance> to a fully qualified host name, but not a requirement. In fact, <instance> does not even have to be associated with a host name. If you later change your Authentication Server for some reason, you can continue to use the same service principal name.

  2. In Microsoft Windows Server 2000 environment, modify the User Logon nameto match the service principal name as follows. (On Windows Server 2003, ktpass does this step automatically.)
    1. In the Active Directory Users and Computers window, expand the domain name for the BMC Server Automation Authentication Server so that it shows the Users folder in the left column.
    2. Click the Users folder, and then double-click the blauthsvc user in the right column.
      The Properties window for that user appears.
    3. Click the Account tab.

    4. Change User logon name from blauthsvc to the instance identifier that you just used with setspn. For example:

      blauthsvc/<instance>

      In this example, you would change it to:

      blauthsvc/app4

       

      Note

      Do not change the pre-Windows 2000 name.

    5. Click OK.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*