Choose a naming convention for these users to help you identify them with their corresponding AS Java instances.
If your instance is called JD1 and this instance resides on a host named hades, name the service user jee-jd1-hades.
The service user represents an AS Java instance running on a specific host and must meet the following requirements:
The password of the service user must never expire.
Choose a strong password for the service user. For example, use a minimum length of 12 characters, with at least one digit, one special character, and one uppercase letter.
Enable Data Encryption Standard (DES) for this account.
When using a reverse proxy or an application-level gateway to access the AS Java, add an SPN for the physical host name and each DNS alias of the reverse proxy or application-level gateway. For this scenario, the Web client procures a Kerberos ticket from the KDC for the reverse proxy or application-level gateway host and not for the AS Java host.