Specifying the Service Principals for GSSAPI Secure Shell Sessions

The service principal name is the name Reflection uses when it sends a request for a service ticket to the Kerberos Key Distribution Center (KDC). The format is:

hostname.domain.com@REALM

The name Reflection uses depends on settings you can configure on the GSSAPI tab of the Secure Shell Settings dialog box. When Use default service principal name is selected (the default), the host name value is the name of the Secure Shell server to which you are connecting and the realm value depends on which GSSAPI provider you have selected:

  • If you are using Reflection Kerberos, the realm name is the one you have specified in your default principal profile.
  • If you are using SSPI, the realm name is your Windows domain name.

Use the Service principal setting to specify a non-default value. If you have selected SSPI as your GSSAPI provider, you can use this setting to specify a service principal in a realm that is different from the Windows domain. Use a fully qualified host name followed by @ then the realm name, for example:

myhost.myrealm.com@MYREALM.COM