Abusing Service Principal Names
by Vince
"A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name."
I have to be honest, in my many years as an administrator, I've never had to set this up. Though as a penetration tester, I like to understand both sides of what's going on. I've used GetUserSPNs a few times but the question that I've asked myself is -- how did this happen?