First, start off with a new user object. We recommend using a dedicated user for mapping an SPN.
When running the ktpass command, we need a user account to hold the SPN.
...
Make sure that "Password never expires" and "User cannot change password" are set.
...
The details of the new user account.
...
Creating the keytab with ktpass
| Command / parameter | Description |
|---|---|
| | ktpass is included in Windows 2008 onward and is located in C:\Windows\System32\ |
| | HTTP - defines the protocol. HTTP (uppercase) is used even when the site is accessed over https |
| | Maps the Service Principal Name to an Active Directory user account. A unique account for each service should be created. The account should be configured with "Password never expires" and "User cannot change password" checked. |
| /pass * | Some password. The password set here replaces the user password. |
| | The output location of the newly created keytab |
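
The whole procedure as one PowerShell session, from creating the account to checking the mapping. This is an added example, not taken from the original page: the account `svc-web01`, host `web01.example.com`, realm `EXAMPLE.COM` and path `C:\Temp\web01.keytab` are placeholders, and `/ptype`, `/crypto`, `-KerberosEncryptionType`, the `setspn` checks and the `icacls` step are additions the page does not mention.

```powershell
# Added example. Every name below is a placeholder, not a value from the page.
Import-Module ActiveDirectory

$account = 'svc-web01'                           # hypothetical dedicated service account
$spn     = 'HTTP/web01.example.com@EXAMPLE.COM'  # HTTP stays uppercase, even for an https site
$keytab  = 'C:\Temp\web01.keytab'                # hypothetical output path; C:\Temp must exist

# 1. Dedicated user with "Password never expires" and
#    "User cannot change password" set, one account per service.
New-ADUser -Name $account -SamAccountName $account `
    -AccountPassword (Read-Host -AsSecureString 'Initial password') `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -KerberosEncryptionType AES256 -Enabled $true

# 2. Map the SPN to the account and write the keytab.
#    /pass * prompts for the password; it replaces the account's password.
#    /crypto is an addition here: it requests AES256 keys for the keytab.
ktpass /princ $spn /mapuser "EXAMPLE\$account" /pass * `
       /ptype KRB5_NT_PRINCIPAL /crypto AES256-SHA1 /out $keytab

if (-not (Test-Path $keytab)) { throw "ktpass did not write $keytab" }

# 3. Confirm the SPN sits on this account and on no other.
setspn -L $account                  # lists the SPNs registered on the account
setspn -Q 'HTTP/web01.example.com'  # should return exactly one account

# 4. The keytab holds the account's long-term key, so restrict who can read it
#    before copying it to the server that will use it.
icacls $keytab /inheritance:r /grant:r 'BUILTIN\Administrators:F'
```

Run it from an elevated prompt on a machine with the Active Directory module installed. Anyone who can read the keytab can authenticate as the service, so delete the local copy once it is in place on the target server.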
...