Registering Service Principal Names
Registering Service Principal Names (SPN) is the second step in configuring Spotfire Server for the Kerberos authentication method.
Procedure
- Log in to the computer as a domain administrator or a user who is a member of the built-in Account Operators domain group.
-
From the Microsoft Support Tools package, use the
setspn.exe command-line tool to register two SPNs for the Kerberos service account:
- Execute the following two commands, replacing the variables as indicated in the table below the commands:
> setspn -S HTTP/<fully qualified hostname>[:<port>] <service account name> > setspn -S HTTP/<hostname>[:<port>] <service account name>
If the Spotfire Server is not listening on the default HTTP port 80 or the default HTTPS port 443, you should execute the setspn commands both with and without the port specified:> setspn -S HTTP/<fully qualified hostname>[:<port>] <service account name> > setspn -S HTTP/<hostname>[:<port>] <service account name> > setspn -S HTTP/<fully qualified hostname> <service account name> > setspn -S HTTP/<hostname> <service account name>
> setspn -S HTTP/spotfireserver.research.example.com spotsvc > setspn -S HTTP/spotfireserver spotsvc
This creates the following two SPNs for the "spotsvc" service account: To list the resulting Service Principal Names for a Kerberos service account, execute the following command:> setspn -L <service account name>
For example, for the "spotsvc" Kerberos service account, the previous command looks like this:> setspn -L spotsvc
- Execute the following two commands, replacing the variables as indicated in the table below the commands:
Previous topic: Creating a Kerberos service account
Copyright © TIBCO Software Inc. All rights reserved.