背景:
阅读新闻

SPN(Service Principal name)服务器主体名称

  作者: 今日评论: [字体: ]

SPN(Service Principal name)服务器主体名称。


SPN 是服务在使用 Kerberos 身份验证的网络上的唯一标识符。它由服务类、主机名和端口组成。在使用 Kerberos 身份验证的网络中,必须在内置计算机帐户(如 NetworkService 或 LocalSystem)或用户帐户下为服务器注册 SPN。对于内置帐户,SPN 将自动进行注册。但是,如果在域用户帐户下运行服务,则必须为要使用的帐户手动注册 SPN。




How to Register a Service Principal Name (SPN) With an SQL Server Agent



Register a service principal name (SPN) for your Microsoft SQL Server in order to permit service accounts and users to both find your server and authenticate to it with Kerberos authentication. While administrators typically perform this configuration for the SQL Server service account, doing so for the SQL Server Agent account enables trouble-free authentication for jobs, monitors and other automation tasks on the server.


Instructions

1

Configure SQL server to use a domain account for the SQL server agent. Create an account in Active Directory Users and Computers for the SQL Server agent, and then use the SQL Server Configuration Manager to change the "Log on as..." account for the SQL Server Agent to the domain account.


2

Configure the service principal name. Open a command prompt using a domain account with permission to modify the SQL Agent service account. Type the command 

"setspn -A MSSQLSvc/<SQLAgentAccount>:1433 <domain\SQLAgentAccount>," 

where <SQLAgentAccount> is the name of the SQL Server Agent account and <domain\SQLAgentAccount> is the account name with the domain preceding it.


3

Confirm the configuration of the SPN by entering the command "setspn -l <SQLAgentAccount>," where <SQLAgentAccount> is the name of the domain account used by the SQL Server Agent.


4

Restart the SQL Agent Server on the SQL Server.

来源:
录入日期:[2019/07/22 23:11:00]
收藏 推荐 打印 | 录入:mikebai | 阅读:
文章评论      
正在加载评论列表...
评论表单加载中...