According to some of the documentation I've read the service account for SQL server will create an SPN when the database engine starts up, allowing for kerberos authentication. I haven't been able to find any documentation that states what permission an account would need to create an SPN. So, what permissions would an account need to have (barring domain admin if that's possible) in order to create an SPN?
SnapOverflow
Based on this MSDN article, and clarification by @Handyman5, the section "Delegating Authority to Modify SPNs" states
The permission to delegate Validated write to service principle name requires Membership in Domain Admins, or equivalent
So I recently figured out how to do this. Follow the steps in the MSDN article about delegating the permission to Write SPNS.
However, you need to add one more permission for the account other than the Validated Write to Service Principal Names permission that is mentioned in MSDN article and that is write service principal name.
You need to add this permission in the exact same fashion as the how the article instructs you on the Validated Write to Service Principal Names (applies to computer objects, etc).
By adding this permission it allows you to write to the SPN attribute without needing full control, domain admin, or write all properties.
As a side note if you only add the Validated Write to Service Principal Names permission you will get the following error while trying to create a SPN and not access denied.