Please also have a look in our OnlineHelp for further information.

Target principal

To use Kerberos transport encryption or authenticate an Active Directory user, a Kerberos Target Principal Name (TPN) is required. This can be either a User Principal Name (UPN) or a Service Principal Name (SPN).

The Target Principal Name must correspond either to the UPN of the user under which the XU Windows Service is running, or to an SPN assigned to this user.

By default, the XU Service is executed under the Local System Account.

[Screenshot: XU3_Default Log on]

In Active Directory, the Local System account acts as the computer account. By default, the SPN is assigned to the computer account in the following form:

HOST/[hostname]@[domain]

Example:

Field             Value
XU Server         TODD.theobald.local:8064 (or localhost:8064)
Target Principal  HOST/TODD.theobald.local@THEOBALD.LOCAL

[Screenshot: XU3_Designer_Authentication]

Therefore, the Target Principal Name only needs to be changed in the login window if the service account of the XU Windows Service has been changed.

If the service runs under another account

The service can also run under an account other than the default. To do so, select the setting This account.

[Screenshot: XU Log On UPN]

A UPN is assigned in the following form:

<user>@<domain>

Example:

Field             Value
XU Server         TODD.theobald.local:8064 (or localhost:8064)
Target Principal  steffan@theobald.local

[Screenshot: XU TPN UPN]

For further information please refer to the official Windows Library

Service Principal Name - SPN

An SPN is assigned in the following form:

<service class>/<host>

Example:

HTTP/theosoftw2012r2.theobald.local

At minimum, the service class and host name are required to authenticate a service instance to a logon account. In general, Domain Admin rights are required to manage service accounts.

For further information please refer to the official Windows Library

[Screenshot: AD User and computers - SPN]

When connecting to a remote server, where the service does not run in the local environment, either a UPN or an SPN can be used in the following form:

Field                    Value
XU Server                theosoftw2012r2.theobald.local:8064
Target Principal as UPN  DomainAdminUser@THEOBALD.LOCAL

Field                    Value
XU Server                theosoftw2012r2.theobald.local:8064
Target Principal as SPN  HTTP/theosoftw2012r2.theobald.local@THEOBALD.LOCAL
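
The UPN and SPN forms above can be checked before they are typed into the login window. The following is an added example, not part of the product or its documentation: the function names are hypothetical, and the rule that an SPN host should match the XU Server host is an assumption drawn from the example tables on this page.

```python
def classify_principal(tpn):
    """Split a Target Principal Name into its parts (SPN or UPN)."""
    if "/" in tpn:  # SPN: <service class>/<host>, optionally followed by @<realm>
        name, _, realm = tpn.partition("@")
        service_class, _, host = name.partition("/")
        if not service_class or not host:
            raise ValueError(f"malformed SPN: {tpn!r}")
        return {"kind": "SPN", "service_class": service_class,
                "host": host, "realm": realm or None}
    user, sep, domain = tpn.partition("@")  # UPN: <user>@<domain>
    if not (sep and user and domain):
        raise ValueError(f"neither UPN nor SPN: {tpn!r}")
    return {"kind": "UPN", "user": user, "domain": domain}


def default_principal(hostname, domain):
    """Default TPN when the service runs as Local System: HOST/[hostname]@[domain]."""
    return f"HOST/{hostname}@{domain.upper()}"


def check_target_principal(xu_server, tpn, runs_as_local_system):
    """Return a list of findings; an empty list means the values look consistent."""
    server_host = xu_server.rsplit(":", 1)[0].lower()
    p = classify_principal(tpn)
    findings = []
    if runs_as_local_system and (p["kind"] != "SPN" or p["service_class"].upper() != "HOST"):
        findings.append("service runs as Local System: expected HOST/[hostname]@[domain]")
    # Assumption: the SPN host should name the machine in the XU Server field.
    # With localhost there is nothing to compare against, so the check is skipped.
    if p["kind"] == "SPN" and server_host != "localhost" and p["host"].lower() != server_host:
        findings.append(f"SPN host {p['host']} differs from XU Server host {server_host}")
    return findings


if __name__ == "__main__":
    # Constructed sample rows, taken from the example tables on this page.
    rows = [
        ("TODD.theobald.local:8064", "HOST/TODD.theobald.local@THEOBALD.LOCAL", True),
        ("TODD.theobald.local:8064", "steffan@theobald.local", False),
        ("theosoftw2012r2.theobald.local:8064",
         "HTTP/theosoftw2012r2.theobald.local@THEOBALD.LOCAL", False),
    ]
    for server, tpn, local_system in rows:
        print(server, tpn, check_target_principal(server, tpn, local_system) or "OK")
```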