Kerberos - User Principal Name (UPN)


1 - About

A principal representing a user.

An example of a UPN is:

[email protected]

3 - Syntax and constraint

  • The UPN is derived by combining the two fields listed for “User logon name”.
  • A User Principal Name must be unique across the entire forest. Otherwise, when the KDC looks up the user's account by UPN, it gets back more than one account, which causes authentication failures for all users that have the same UPN.

4 - LDAP

4.1 - Active Directory

The UPN of an Active Directory object is an attribute of the object, and can only hold a single value.

The attribute name is userPrincipalName.
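
The forest-wide uniqueness constraint can be audited offline from a directory export. The following is an added example, not code from the original page: it reads LDIF-style output of a search that returned each object's userPrincipalName and reports every UPN held by more than one object. The sample entries, domain names and function names are constructed for illustration, and comparing UPNs case-insensitively is an assumption of this example.

```python
import base64
from collections import defaultdict

# Constructed sample: LDIF-style output of a forest-wide (global catalog) search
# for user objects, requesting only userPrincipalName. All names are made up.
SAMPLE_LDIF = """\
dn: CN=Alice Martin,OU=Staff,DC=emea,DC=example,DC=com
userPrincipalName: amartin@example.com

dn: CN=Svc Backup,OU=Service,DC=emea,DC=example,DC=com

dn: CN=A Martin,OU=Contractors,DC=apac,DC=example,DC=com
userPrincipalName: AMartin@Example.com

dn: CN=Bob Ruiz,OU=Staff,DC=apac,DC=example,DC=com
userPrincipalName:: YnJ1aXpAZXhhbXBsZS5jb20=
"""


def parse_entries(ldif):
    """Yield (dn, upn or None) per entry; handles folded lines and base64 values."""
    unfolded = ldif.replace("\n ", "")  # LDIF continuation lines start with one space
    for block in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or name.startswith("#"):
                continue  # skip comments and lines without an attribute separator
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[name.lower()] = value.strip()
        if "dn" in attrs:
            yield attrs["dn"], attrs.get("userprincipalname")


def duplicate_upns(ldif):
    """Map each UPN held by more than one object to the DNs that hold it."""
    holders = defaultdict(list)
    for dn, upn in parse_entries(ldif):
        if upn:  # objects without a userPrincipalName cannot collide
            holders[upn.casefold()].append(dn)  # assumption: case-insensitive match
    return {upn: dns for upn, dns in holders.items() if len(dns) > 1}


if __name__ == "__main__":
    for upn, dns in duplicate_upns(SAMPLE_LDIF).items():
        print(f"duplicate UPN {upn}:")
        for dn in dns:
            print(f"  {dn}")
```

The export has to cover every domain in the forest; a search scoped to a single domain will miss collisions between domains.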