Microsoft Service Principal Names Proposal
consistent service principal across
Kerberos, PKI/X.509/TLS, HTTP Digest, etc
and across all application protocols
deal with security issues, esp "service names" in DNS
eg, mail.stanford.edu -> mail27.stanford.edu
three-part service principal name:
service-type / host-name / service-name
eg, imap / mail27.stanford.edu / mail.stanford.edu
MS KDC supports multiple names per "account", ie per key
interop issue for MS clients with non-MS KDC
Bob.Morgan@
Stanford.EDU
Common Solutions Group, January 1999