Tag Archives: Kerberos

IP address hostnames in SPN extending Kerberos usage

This is just a small note of a feature that was new in Windows 10 v1507 and Windows Server 2016.

In the early days (Windows 2000, XP and 2003) it was possible to configure Service Principals Names (SPNs) with IP addresses. And then in Windows Vista and Windows Server 2008 it was removed in the Kerberos client and IP addresses on services didn’t work.
Since then if a client tries to connect to e.g. a share by its IP address it would fall back to NTLM.

I don’t know why that changed, but the good news is that they have reintroduced that functionality and you can configure the Kerberos clients to request a service ticket based on a IP hostname SPN.  Continue reading