@alexal - Have a question before that. My AD admin has the same question. So how does the keytab file know which account it needs to look for, because I only provide the password of the account to generate the keytab file. Here is how I generated the keytab file btw. [an118000ad@sastestmd ~]$ ktutil ktutil: addent -password -p HTTP/sastestmd.core.local -k 1 -e arcfour-hmac Password for HTTP/sastestmd.core.local@CORE.LOCAL: ktutil: addent -password -p HTTP/sastestmd -k 1 -e arcfour-hmac Password for HTTP/sastestmd@CORE.LOCAL: ktutil: wkt /home/an118000ad/SASWeb.keytab ktutil: read_kt /home/an118000ad/SASWeb.keytab ktutil: list slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 1 HTTP/sastestmd.core.local@CORE.LOCAL 2 1 HTTP/sastestmd@CORE.LOCAL 3 1 HTTP/sastestmd.core.local@CORE.LOCAL 4 1 HTTP/sastestmd@CORE.LOCAL ktutil: quit Now the SPN is definitely created with that account. setspn -L src_sastestkrb Registered ServicePrincipalNames for CN=src_sastestkrb,OU=Service_Accounts,DC=core,DC=local: HTTP/sastestmd.core.local HTTP/sastestmd
... View more