Service Principal Name (SPN)

A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. An SPN must be unique in the forest in which it is registered. If it is not unique, authentication will fail.
For more information about SPN format and composing a unique SPN, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/name_formats_for_unique_spns.asp

Before a client can use an SPN to authenticate an instance of a service, the SPN must be registered on the user or computer account that the service instance will use to log on. Typically, SPN registration is done by a service installation program running with domain administrator privileges. user and computer objects have a servicePrincipalName attribute, which is a multi-valued attribute for storing all the SPNs associated with a user or computer account. If the service runs under a user account, the SPNs are stored in the servicePrincipalName attribute of that account. If the service runs in the LocalSystem account, the SPNs are stored in the servicePrincipalName attribute of the account of the service's host computer.

Setspn.exe:
This command-line tool allows you to manage the Service Principal Names (SPN) directory property for an Active Directory directory service account. SPNs are used to locate a target principal name for running a service. SetSpn allows you to view the current SPNs, reset the "host" SPNs, and add or delete supplemental SPNs.