SETSPN

Question

Post reply

SETSPN

Viewing 7 posts - 16 through 21 (of 21 total)

You must be logged in to reply to this topic. Login to reply

Carl Landry Hall of Fame Points: 3578 More actions · Answer 1

Carl Landry

Hall of Fame

Points: 3578

October 17, 2014 at 7:22 am

#1753145

I like the "mofified". Still have to figure-out how SETSPN can do this.

stephen.long.1 SSCrazy Points: 2581 More actions · Answer 2

carl.landry (10/17/2014)

I like the "mofified". Still have to figure-out how SETSPN can do this.

I'm glad no one is flaming Steve for that typo. When you Google "mofified", it's amazing how many web sites are using that "word" when they meant to say "modified". It's also an easy typo to make when you consider the positions of "d" and "s" on a QWERTY keyboard.

Hey, that's part of how English changes. A LOT of our now-common words are actually misspellings of Olde English or foreign words.

I'm glad Steve didn't move his finger the other way and say that it "mosifies" Server Principal Names, because then the SPNs would get pretty messy from the moss. :hehe:

Anyway, thanks for the good question, Steve.

Miles Neale SSChampion Points: 13147 More actions · Answer 3

Dave62 (10/17/2014)

The connection to SQL Server for this question where I work is that we use the SETSPN utility to solve the double-hop issue. We have ASP.NET applications on a web server and the SQL databases on another server. The web applications use integrated authentication and SPN's must be set so that the users permissions in AD are passed on from the web server where they are authenticated to the database server where the objects they can access are controlled by AD groups.

Thank you Dave! This information is more valuable than the QotD itself.

Not all gray hairs are Dinosaurs!

SqlMel SSCrazy Points: 2891 More actions · Answer 4

SqlMel

SSCrazy

Points: 2891

October 17, 2014 at 11:11 am

#1753234

Thanks for the question, Steve.

---------------
Mel. 😎

SqlMel SSCrazy Points: 2891 More actions · Answer 5

Dave62 (10/17/2014)

The connection to SQL Server for this question where I work is that we use the SETSPN utility to solve the double-hop issue. We have ASP.NET applications on a web server and the SQL databases on another server. The web applications use integrated authentication and SPN's must be set so that the users permissions in AD are passed on from the web server where they are authenticated to the database server where the objects they can access are controlled by AD groups.

Thanks for the comment, Dave.

This gives me a pointer of what to look for when investigating this more thoroughly.

---------------
Mel. 😎

doug.davidson SSCommitted Points: 1662 More actions · Answer 6

Dave62 (10/17/2014)

The connection to SQL Server for this question where I work is that we use the SETSPN utility to solve the double-hop issue. We have ASP.NET applications on a web server and the SQL databases on another server. The web applications use integrated authentication and SPN's must be set so that the users permissions in AD are passed on from the web server where they are authenticated to the database server where the objects they can access are controlled by AD groups.

We have had to advise our client to do this exact step to resolve integrated authentication issues. It also resolves the Kerberos security error "a security specific package error occurred" which affects users on XP predominantly, sometimes Vista / 7, and frequently when multiple AD forests are in play with integrated login.

akljfhnlaflkj SSC Guru Points: 76202 More actions · Answer 7

akljfhnlaflkj

SSC Guru

Points: 76202

October 21, 2014 at 7:26 am

#1753731

I don't think I'll be using this in my work. But thanks anyway.