Choosing the SPNs

The SPNs should be in one of the following forms:

FNCEWS/host_name
FNCEWS/host_name@DOMAIN.COM
FNCEWS/host_name.domain.com

where you should substitute your own Content Platform Engine name for host_name and that server's domain for DOMAIN.COM or the domain.com part. The host name should be an undistinguished (in other words, no dots) DNS name and all lowercase. The domain name should be all uppercase for the host_name@DOMAIN.COM form or all lowercase for the host_name.domain.com form. In the example setup, the host name is MYCE01 and it is in the MYDOM.EXAMPLE.COM domain, so the SPNs would be FNCEWS/myce01, FNCEWS/myce01@MYDOM.EXAMPLE.COM, or FNCEWS/myce01.mydom.example.com.

If this is a cluster, set host_name to the cluster name (see Using Kerberos with a cluster of Content Platform Engine servers).

Case matters when choosing the SPNs. Make sure the host name is lowercase and the domain name is uppercase.

The SPNs that might be set up for SPNEGO (for example HTTP/myce01) are not compatible with the SPNs used by the Content Platform Engine Kerberos. SPNEGO is a different service than the Content Platform Engine Kerberos service and hence needs a different name. Also, Content Platform Engine Kerberos service names always start with FNCEWS/ and this is not customizable, although the related Kerberos identity account name that usually starts with FNCEWS_ can be customized.