How-To: Check a servicePrincipalName

Environment

You are using additional services via kerberos and want to check weither or not the respective servicePrincipalName is working.

Check specific servicePrincipalName

To explicitly check a servicePrincipalName use the following syntax in your kinit command:

root@ucs:~# kinit -k -t /var/lib/samba/private/extapp.keytab -S HTTP/extapp.intranet.ucs krbauth_ext && klist && kdestroy
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: krbauth_ext@INTRANET.UCS

  Issued                Expires               Principal
Oct 14 12:51:55 2019  Oct 14 22:51:55 2019  HTTP/extapp.intranet.ucs@INTRANET.UCS

The -S option is to give a servicePrincipal followed by the desired servicePrincipalName and the related samAccountName.

1 Like
Mastodon