A few years ago [1] I wrote about how you could enable Domain Accounts to self-manage their ServicePrincipalNames. This is particularly advantageous when using Kerberos to secure services. We recently needed to set up some service accounts in Active Directory to participate in establishing a Kerberos capability for middleware integration. […]
Kerberos
2 posts
If you are like me, you probably aren’t a huge fan of Kerberos, but it does have some advantages. When using an Active Domain (AD) account as a service account, it is handy to reduce the attack vector by minimising the chosen Domain Account’s permissions and privileges. If you are […]