Creating a Service Principal Name (SPN) from the Active Directory Machine
Run the following command to create a service principal name (SPN):
>setspn -S HTTP/OAM_Server ActiveDirectoryUserID
Note: You can use the "-A" option, but "-S" checks for a duplicate SPN as shown in the following example. In the examples, JDE is the Active Directory user ID.
Run the "ktpass" command to create the SPN, associate it with the Active Directory user ID that you created, and write the Key Tab file.
>ktpass -princ HTTP/yourdomain.com@JDELDAP.COM -mapuser ActiveDirectoryUserID -pass ###### -out C:\jde105.keytab -ptype KRB5_NT_PRINCIPAL -crypto ALL
To verify that the SPN and the Key Tab file are set up correctly, view the user information from Active Directory, as shown in the following example:
You can also use the "setspn" command to view the user information:
>setspn -L ActiveDirectoryUserID
Use the following command to remove the SPN:
>setspn -D "SPN" ActiveDirectoryUserID
After verifying the setup of the SPN and the Key Tab, copy the Key Tab file to the OAM server.
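The following added example is not part of the original procedure. It parses the Key Tab file after it is copied, confirms that it contains the expected principal, and reports the DES or RC4 entries that "-crypto ALL" can include. It assumes the version 0x0502 keytab layout; the function names and the sample data (all-zero dummy keys) are constructed for illustration, and the enctype labels use the ktpass "-crypto" names.

```python
import struct

ENCTYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-SHA1", 18: "AES256-SHA1", 23: "RC4-HMAC-NT"}
WEAK = {1, 3, 23}  # DES and RC4; treating them as weak is this example's policy

def _counted(buf, off):  # 16-bit length-prefixed field -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("truncated keytab field")
    return buf[off + 2:off + 2 + n], off + 2 + n

def _entry(rec):
    """Decode one entry; the key bytes are skipped and never returned."""
    (ncomp,) = struct.unpack_from(">H", rec, 0)
    names, off = [], 2
    for _ in range(ncomp + 1):              # realm first, then the name components
        field, off = _counted(rec, off)
        names.append(field.decode())
    _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", rec, off)
    _key, off = _counted(rec, off + 11)
    if len(rec) - off >= 4:                 # optional 32-bit kvno replaces the 8-bit one
        kvno = struct.unpack_from(">I", rec, off)[0] or kvno
    return {"principal": "/".join(names[1:]) + "@" + names[0], "kvno": kvno,
            "enctype": ENCTYPES.get(etype, str(etype)), "weak": etype in WEAK}

def parse_keytab(data):
    """Parse a version 0x0502 keytab (big-endian layout) into a list of entries."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        if size > 0:                        # a negative size marks a deleted slot
            entries.append(_entry(data[pos + 4:pos + 4 + size]))
        pos += 4 + abs(size)
    return entries

def audit(data, expected):
    """Return (entries for the expected principal, weak enctype names among them)."""
    mine = [e for e in parse_keytab(data) if e["principal"] == expected]
    return mine, sorted({e["enctype"] for e in mine if e["weak"]})

def build_sample():
    """Constructed keytab: RC4 and AES256 entries with all-zero dummy keys."""
    name = b"".join(struct.pack(">H", len(s)) + s
                    for s in (b"JDELDAP.COM", b"HTTP", b"yourdomain.com"))
    recs = [struct.pack(">H", 2) + name + struct.pack(">IIBHH", 1, 0, 3, e, n) + bytes(n)
            for e, n in ((23, 16), (18, 32))]
    return b"\x05\x02" + b"".join(struct.pack(">i", len(r)) + r for r in recs)
```

The Key Tab file holds the account's long-term keys, so restrict read access to it on the OAM server.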