KILE SHOULD use service principal names (SPNs) to identify servers in TGS-REQs. An SPN is a single-string representation of a Kerberos principal name according to section 2.1.1 of [RFC1964] that identifies the server. The Directory Service attribute servicePrincipalName, as defined in [MS-ADA3] section 2.252, is a multi-value attribute on a user or computer object that contains a list of service principal names, with each list item corresponding to a string representation of a Kerberos name that can be used to identify the server.
An SPN is a string of the following format. For more information on the <alphanum> element, see [RFC2396] section 1.6.
SPN = serviceclass "/" hostname [":"port] ["/" servicename]
serviceclass = alphanum
servicename = alphanum
serviceclass is a string that identifies the class of the service, such as "www" for a Web service or "ldap" for a directory service.
hostname ([RFC2396] section 3.2.2) is a string that is the name of the system. This SHOULD be the fully qualified domain name (FQDN).
port ([RFC2396] section 3.2.2) is a number that is the port number for the service.
An application can supply a name of the form "RestrictedKrbHost/<hostname>" when its callers have provided the hostname but not the correct SPN for the service. Applications SHOULD NOT use "RestrictedKrbHost/<hostname>" due to the security considerations in section 5.1.2. Applications calling GSS-API directly MUST provide a target name which SHOULD be an SPN<28> for their service applications for Kerberos authentication.
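The following parser is an added example, not part of the specification. It splits an SPN according to the grammar above and flags the two conditions the text calls out with SHOULD or SHOULD NOT. Assumptions: "alphanum" is read as one or more ASCII letters or digits, hostname follows the [RFC2396] section 3.2.2 hostname rule, the FQDN test is a heuristic, and the names parse_spn and SPN and the example.com sample values are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Grammar from the text: SPN = serviceclass "/" hostname [":"port] ["/" servicename]
# Assumption: "alphanum" means one or more ASCII letters or digits.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"   # RFC 2396 domainlabel
_TOP = r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?"        # RFC 2396 toplabel
_SPN_RE = re.compile(
    r"(?P<serviceclass>[A-Za-z0-9]+)"
    r"/(?P<hostname>(?:" + _LABEL + r"\.)*" + _TOP + r"\.?)"
    r"(?::(?P<port>[0-9]+))?"
    r"(?:/(?P<servicename>[A-Za-z0-9]+))?"
)

@dataclass
class SPN:
    serviceclass: str
    hostname: str
    port: Optional[int] = None
    servicename: Optional[str] = None
    warnings: List[str] = field(default_factory=list)

def parse_spn(text: str) -> SPN:
    """Parse an SPN string; raise ValueError if it does not fit the grammar."""
    m = _SPN_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"not a well-formed SPN: {text!r}")
    port = int(m["port"]) if m["port"] else None
    # Assumption: the text only says "a number"; the TCP/UDP range is enforced here.
    if port is not None and not 0 < port <= 65535:
        raise ValueError(f"port out of range in SPN: {text!r}")
    spn = SPN(m["serviceclass"], m["hostname"], port, m["servicename"])
    # Assumption: the service class is compared case-insensitively.
    if spn.serviceclass.casefold() == "restrictedkrbhost":
        spn.warnings.append("RestrictedKrbHost SHOULD NOT be used (section 5.1.2)")
    # Heuristic: a hostname with no interior dot is treated as not fully qualified.
    if "." not in spn.hostname.rstrip("."):
        spn.warnings.append("hostname SHOULD be an FQDN")
    return spn

if __name__ == "__main__":
    # Constructed sample SPNs.
    for s in ("MSSQLSvc/db1.example.com:1433", "RestrictedKrbHost/web01"):
        print(parse_spn(s))
```

Run over the servicePrincipalName values exported from a directory, the warnings list gives a quick inventory of entries that rely on RestrictedKrbHost or on short hostnames.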