On 11/28/2011 10:16 AM, John Hodrien wrote:
On Mon, 28 Nov 2011, Ondrej Valousek wrote:
> Yes. My understanding is the only difference between a service principal and
> a user principal is that the KDC will not issue a ticket granting ticket to a
> service principal.
>
> jh
>
>
> Yes, and it is no wonder, because UPN and SPN serve different tasks. I
> recommend searching MS TechNet for this. They have a nice explanation for
> this.
In simple terms it's service for a receiver and user for initiator.
Unfortunately this can sometimes get a little blurry. NFSv4 is a good example
of that.
Exactly :-). In NFSv4, rpc.gssd expects the UPN and rpc.svcgssd the SPN -
and no one is going to tell you this, as no one expects you will use a
Windows based KDC for NFSv4... :-(. In a Linux based KDC there is no strict
distinction between these, I believe (citation needed here).