{
	"id": "28c4e762-ec10-43d6-8786-45d02ef77efa",
	"created_at": "2026-04-06T00:14:16.973207Z",
	"updated_at": "2026-04-10T13:11:47.062829Z",
	"deleted_at": null,
	"sha1_hash": "3995a45f00c50c1f03b8d7ece48fdd8b590f03d5",
	"title": "Service principal names - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39738,
	"plain_text": "Service principal names - Win32 apps\r\nBy GrantMeStrength\r\nArchived: 2026-04-05 14:44:12 UTC\r\nA service principal name (SPN) is a unique identifier of a service instance. Kerberos authentication uses SPNs to\r\nassociate a service instance with a service sign-in account. Doing so allows a client application to request service\r\nauthentication for an account even if the client doesn't have the account name.\r\nIf you install multiple instances of a service on computers throughout a forest, each instance must have its own\r\nSPN. If there are multiple names that clients can use for authentication, a service instance can have multiple SPNs.\r\nFor example, because an SPN always includes the name of the host computer on which the service instance is\r\nrunning, a service instance might register multiple SPNs, one for each name or alias of its host. For more\r\ninformation about SPN format and composing a unique SPN, see Name formats for unique SPNs.\r\nBefore the Kerberos authentication service can use an SPN to authenticate a service, the SPN must be registered\r\non the account object that the service instance uses to sign in. A given SPN can be registered on only one account.\r\nFor Win32 services, a service installer specifies the sign-in account when an instance of the service is installed.\r\nThe installer then composes the SPNs and writes them as a property of the account object in Active Directory\r\nDomain Services. If the sign-in account of a service instance changes, the SPNs must be re-registered under the\r\nnew account. For more information, see How a service registers its SPNs.\r\nWhen a client wants to connect to a service, it locates an instance of the service, composes an SPN for that\r\ninstance, connects to the service, and presents the SPN for the service to authenticate. For more information, see\r\nHow clients compose a service's SPN.\r\nIn this section\r\nThis section includes the following articles:\r\nName formats for unique SPNs\r\nHow a service composes its SPNs\r\nHow a service registers its SPNs\r\nHow clients compose a service's SPN\r\nSee also\r\nMutual authentication using Kerberos\r\nSource: https://msdn.microsoft.com/library/ms677949.aspx\r\nhttps://msdn.microsoft.com/library/ms677949.aspx\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://msdn.microsoft.com/library/ms677949.aspx"
	],
	"report_names": [
		"ms677949.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434456,
	"ts_updated_at": 1775826707,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3995a45f00c50c1f03b8d7ece48fdd8b590f03d5.pdf",
		"text": "https://archive.orkl.eu/3995a45f00c50c1f03b8d7ece48fdd8b590f03d5.txt",
		"img": "https://archive.orkl.eu/3995a45f00c50c1f03b8d7ece48fdd8b590f03d5.jpg"
	}
}