Purpose

Specifies the service principal name to be used for Kerberos authentication.

Valid Values

ServicePrincipalName

where:

ServicePrincipalName
is the four-part service principal name registered with the key distribution center (KDC).

Specify the service principal name using the following format.

Service_Name/Fully_Qualified_Domain_Name:Port_Number@REALM.COM

where:

Service_Name
is the name of the service hosting the instance. The Service_Name for Microsoft SQL Server is MSSQLSvc.
Fully_Qualified_Domain_Name

is the fully qualified domain name (FQDN) of the host machine. This value must match the FQDN registered with the KDC. The FQDN consists of a host name and a domain name. For the example myserver.example.com, myserver is the host name and example.com is the domain name.

Port_Number

is the port number as specified by the PortNumber property.

REALM.COM

is the domain name of the host machine. This value is optional. If no value is specified, the default domain is used. The domain must specified in upper-case characters. For example, EXAMPLE.COM. For Windows Entra ID, the Kerberos realm name is the Windows domain name.

Example

The following is an example of a valid service principal name:

MSSQLSvc/myserver.example.com:1433@EXAMPLE.COM

Notes

  • The driver builds a service principal name in the following manner.
    • MSSQLSvc is used as the service name.
    • The value of the ServerName property is used as the FQDN.
    • The PortNumber property specifies the port number that is used.
    • The default realm in the krb5.conf file is used as the realm name.
  • If the default does not match the service principal name registered with the KDC, then you can specify the value of the service principal name registered with the KDC.
  • In a Kerberos configuration, an IP address cannot be used as a FQDN.

Data Source Method

public String getServicePrincipalName()

public void setServicePrincipalName(String)

Default

Driver builds value based on environment

Data type

String

See also