Kerberos - User Principal Name (UPN)


A principal representing a user.

An example of UPN is :

[email protected].

Syntax and constraint

  • The UPN is derived from the combining of the two fields listed for “User logon name”.
  • A User Principal Name must be unique across the entire forest otherwise when the KDC goes to look up the Users Account via UPN it will get back more than one account and cause authentication failures for all users that have the same UPN.


Active Directory

The UPN of an Active Directory object is an attribute of the object, and can only hold a single value.

The attribute name is userPrincipalName.

Upn Active Directory

Discover More
Kerberos - Principal (Account)

A Kerberos principal is a unique identity to which Kerberos can assign tickets. Kerberos defines two different types of accounts (or Principals): User Principal Name (UPN), and Service Principal...
Kerberos - User

A user is identified by a User principal Name.
Security - (Identity+Authenticator=Credential)

Credentials are electronic information that is used to verify an identity. They are provided by client application (ie user, browser, application) to prove their identity Credentials are also known as:...
What is the Principal of a user in Authentication?

A principal in security is the unique identifier of an identity (ie object, service, or person). The identity key or principal is typically an account’s user name such as: the Security Accounts Manager...

Share this page:
Follow us:
Task Runner