One of my co-workers just came over and asked me what the minimum rights are that we need to grant to let someone create SPNs (Service Principal Names).
Good question. Off to TechNet I went looking for the answer. Typically, to set SPNs you must be a member of Domain Admins or Enterprise Admins. Alternatively, you can set permissions so that delegated admins can set SPNs. The wording from TechNet reads:
"If you need to allow delegated administrators to configure service principal names (SPNs), you must ensure that their user accounts have the Validated write to service principal name permission."
The full article can be found at http://technet.microsoft.com/en-us/library/cc731241(v=ws.10).aspx.
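One way to grant and then audit that permission from PowerShell, as an added example that is not taken from the TechNet article or the original post. The OU distinguished name and group name are placeholders, and scoping the grant to descendant computer objects is an assumption; adjust the object class to match where your service accounts live.

```powershell
# Added example: grant "Validated write to service principal name" to a
# delegated group on one OU, then list who holds that right there.
# Requires the RSAT ActiveDirectory module (provides the AD: drive).
Import-Module ActiveDirectory

$TargetOU       = 'OU=Servers,DC=example,DC=com'   # placeholder DN
$DelegatedGroup = 'SPN-Delegates'                  # placeholder group name

# Well-known schema GUIDs:
#   Validated-SPN validated write, and the computer object class.
$ValidatedSpn  = [Guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'
$ComputerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

$adRights = [System.DirectoryServices.ActiveDirectoryRights]
$sid      = (Get-ADGroup -Identity $DelegatedGroup).SID

# "Self" is the access mask used for validated writes. The ACE is inherited
# by descendant computer objects only, not applied to the OU object itself.
$ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid,
    $adRights::Self,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ValidatedSpn,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $ComputerClass)

$path = "AD:\$TargetOU"
$acl  = Get-Acl -Path $path
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

# Audit: every trustee holding the validated SPN write on this OU.
# Filtering on Self excludes plain WriteProperty ACEs on the
# servicePrincipalName attribute, which share the same GUID.
(Get-Acl -Path $path).Access |
    Where-Object {
        $_.ObjectType -eq $ValidatedSpn -and
        ($_.ActiveDirectoryRights -band $adRights::Self)
    } |
    Select-Object IdentityReference, AccessControlType, InheritanceType,
                  InheritedObjectType, IsInherited
```

Running the audit portion periodically against OUs that hold service or computer accounts shows whether the right has spread beyond the intended delegated group.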