A service principal is the name by which a client uniquely identifies an instance of
a service, and is associated with the security principal in whose security context the
service executes. To add a service principal, you must first create a Kerberos Realm and add
a Key Distribution Center.
To add a DNS service principal for a Kerberos Realm:
- Select the Global tab in the sidebar, then select Configurations.
- Select the name of a configuration.
- Select the Kerberos realms tab.
- Select the name of a Kerberos realm.
- Select the Kerberos service principals tab.
- Select New.
- Under General, set the name, key version number, and password:
  - Name—enter the name for the Kerberos service principal as defined in the User Logon name field in the Windows configuration section. The typical syntax for service principal names is primary/instance. Primary is either a username or the name of a service. Instance provides information that qualifies the primary, such as describing the intended use of the credentials for a user or the fully qualified hostname for a host. Example: DNS/<adonis server name>.example.com
  - Key version number—enter the msDS-KeyVersionNumber attribute value as displayed in ADSI Edit on the Windows DC for the principal's Kerberos key. If you use the ktpass command, the key version number (vno#) value can be found in the output .keytab file.
  - Password—enter the principal's Kerberos password. This is the AD user account password created on the Windows DC.
- In the Change control section, add comments if required.
- Select Create or Create and add another.
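The key version number the procedure asks for is recorded in every keytab entry, so it can be read back from the .keytab file to check the value you enter. The following Python parser is an added example, not BlueCat's or Microsoft's code: it decodes the version 0x0502 keytab layout (entry size, realm, name components, name type, timestamp, 8-bit kvno, key block, optional 32-bit kvno) and reports the kvno per principal. The sample keytab it reads is constructed in the block; the hostname adonis.example.com stands in for the <adonis server name> placeholder.

```python
import struct

def _counted(buf, off):
    """Read a counted_octet_string (uint16 length + bytes); return (bytes, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Parse a version 0x0502 keytab into [(principal, kvno, enctype), ...]."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab version 0x0502 is handled")
    off, entries = 2, []
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size < 0:                     # a negative size marks a deleted slot
            off += -size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, off = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted(data, off)
            comps.append(comp.decode())
        off += 8                         # skip uint32 name_type and uint32 timestamp
        vno8 = data[off]
        (enctype,) = struct.unpack_from(">H", data, off + 1)
        _key, off = _counted(data, off + 3)
        kvno = vno8
        if end - off >= 4:               # optional 32-bit kvno; overrides vno8 when non-zero
            (vno32,) = struct.unpack_from(">I", data, off)
            kvno = vno32 or vno8
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype))
        off = end
    return entries

def build_entry(realm, comps, kvno, enctype, key):
    """Construct one keytab entry; used here only to build the sample input."""
    def cs(b): return struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm.encode())
    body += b"".join(cs(c.encode()) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + cs(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: a DNS/<server> principal (hostname is a placeholder), kvno 3, enctype 18 (AES256)
SAMPLE_KEYTAB = b"\x05\x02" + build_entry("EXAMPLE.COM", ["DNS", "adonis.example.com"], 3, 18, bytes(32))

def kvno_for(data, principal):
    """Return the kvno recorded for principal, or None if the keytab has no such entry."""
    return next((k for p, k, _ in parse_keytab(data) if p == principal), None)
```

Run kvno_for() against the keytab ktpass produced and compare the result with the msDS-KeyVersionNumber shown in ADSI Edit; a mismatch means the key in the keytab is not the one Active Directory currently holds for the account.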