On 11/28/2011 10:16 AM, John Hodrien wrote:
On Mon, 28 Nov 2011, Ondrej Valousek wrote:
Yes. My understanding is the only difference between a service principal and a user principal is that the KDC will not issue a ticket granting ticket to a service principal.
jh
Yes, and it is no wonder, because UPN and SPN serve different tasks. I recommend searching MS TechNet for this. They have a nice explanation for this.
In simple terms it's service for a receiver and user for an initiator. Unfortunately this can sometimes get a little blurry. NFSv4 is a good example of that.
Exactly :-) . In NFSv4 the rpc.gssd expects the UPN and rpc.svcgssd the SPN - and no one is going to tell you this, as no one expects you will use a Windows-based KDC for NFSv4... :-( . In a Linux-based KDC there is no strict distinction between these, I believe (citation needed here).