Kerberos - User Principal Name (UPN)

Card Puncher Data Processing


A principal representing a user.

An example of UPN is :

[email protected].

Syntax and constraint

  • The UPN is derived from the combining of the two fields listed for “User logon name”.
  • A User Principal Name must be unique across the entire forest otherwise when the KDC goes to look up the Users Account via UPN it will get back more than one account and cause authentication failures for all users that have the same UPN.


Active Directory

The UPN of an Active Directory object is an attribute of the object, and can only hold a single value.

The attribute name is userPrincipalName.

Upn Active Directory

Recommended Pages
Card Puncher Data Processing
Kerberos - Principal (Account)

A Kerberos principal is a unique identity to which Kerberos can assign tickets. Kerberos defines two different types of accounts (or Principals): User Principal Name (UPN), and Service Principal...
Card Puncher Data Processing
Kerberos - User

A user is identified by a User principal Name.
Card Puncher Data Processing
Security - (Identity+Authenticator=Credential)

Identity is typically an account’s user name such as: the Security Accounts Manager (SAM) account name or the User Principal Name (UPN). To prove their identity, a secret information called the...

Share this page:
Follow us:
Task Runner