Please feel free to provide feedback or file bugs here.

WinRM should register it's proper SPN

The WinRM service should register the HTTP/computername:5985 and HTTP/computername.fqdn:5985 (or configured port) SPNs so that clients can locate the proper Kerberos principal to authenticate against. Currently anything that uses Kerberos over http:80 can claim its valid SPN and break Kerberos authentication for WinRM.

22 votes
Sign in
(thinking…)
Password icon
Signed in as (Sign out)

We’ll send you updates on this idea

Chris Duck shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base