cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Kerberos Autentication

Go to solution
former_member326778
Explorer

on ‎03-08-2006 9:35 AM

0 Kudos

I confirm the help documents about Kerberos Autentication from SAP.

http://help.sap.com/saphelp_nw04/helpdata/en/43/65c078b39b0398e10000000a1553f6/content.htm

http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htm

Our Enterprise Portal System'S OS is UNIX.

Do I have to prepare Windows Server and install J2ee??

We use Using Header Variables for User Authentication for Single Sign on to Enterprise Portal.

I read help documents that Using Header Variables for User Authentication is depicated.

I want to implement Kerberos Autentication in UNIX.

Best regards

Yuki

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member326778
Explorer
‎03-10-2006 10:01 AM
0 Kudos

Thank you for your helpful replay.

We are using Windows Authentication by IIS in Windows server.

So if we change Kerberos Authentication from NTLM,

We'll not need Windows server.Is that correct??

I read the following help document.

http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htm

I worry the following underline's description that Use of the SPNegoLoginModule enables windows os...( in my interpretation)

******quote*****************************************

Integration

The SPNegoLoginModule enables the use of the Kerberos authentication functions <u><u>on the J2EE Engine that are an integral part of the Microsoft Windows 2000 and higher operating systems.</u></u> The Kerberos functions can be used for Windows Integrated Authentication in a Windows Domain, which makes use of a Microsoft Windows Domain Controller (DC) that acts as a KDC. For information about the integration of non-Windows server components in the Microsoft Kerberos Infrastructure, see the documents available from the Microsoft Developer Network (MSDN) at msdn.microsoft.com.

Show replies
Show replies
Former Member
‎03-10-2006 2:58 PM
0 Kudos

Correct, you don't need an Windows Server if you use Kerberos authentication with the SPNegoLoginModul.

What you need is an Active Directory domain. The clients have to be member of this domain. NT4 domain controllers can not act as a Kerberos KDC.

Please rewards points for helpful answers.

Regards

Christian

former_member326778
Explorer
‎03-31-2006 2:17 AM
0 Kudos

Thank you for your cooporation.

This information is very helpful for me.

best regards

Yuki

Answers (1)

Answers (1)

Former Member
‎03-08-2006 10:04 AM
0 Kudos

You have to create a windows user which represents the j2ee engine host, set a service principal name for this user and export a keytab file containing its kerberos key. The process is described here:

http://help.sap.com/saphelp_nw04/helpdata/en/43/4e80824d155f86e10000000a1553f6/frameset.htm<a href="http://help.sap.com/saphelp_nw04/helpdata/en/43/4e80824d155f86e10000000a1553f6/frameset.htm">Kerberos Key Distribution Center Configuration</a>

After that you have to copy the keytab file to your UNIX host and configure kerb5.conf on UNIX OS:

<a href="http://help.sap.com/saphelp_nw04/helpdata/en/43/4e80824d155f86e10000000a1553f6/frameset.htm">Importing Kerberos Configuration Files to the J2EE Engine</a>

Regards,

Christian

Show replies
Show replies
Ask a Question