on 03-08-2006 9:35 AM
I confirm the help documents about Kerberos Autentication from SAP.
http://help.sap.com/saphelp_nw04/helpdata/en/43/65c078b39b0398e10000000a1553f6/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htm
Our Enterprise Portal System'S OS is UNIX.
Do I have to prepare Windows Server and install J2ee??
We use Using Header Variables for User Authentication for Single Sign on to Enterprise Portal.
I read help documents that Using Header Variables for User Authentication is depicated.
I want to implement Kerberos Autentication in UNIX.
Best regards
Yuki
Thank you for your helpful replay.
We are using Windows Authentication by IIS in Windows server.
So if we change Kerberos Authentication from NTLM,
We'll not need Windows server.Is that correct??
I read the following help document.
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htm
I worry the following underline's description that Use of the SPNegoLoginModule enables windows os...( in my interpretation)
******quote*****************************************
Integration
The SPNegoLoginModule enables the use of the Kerberos authentication functions <u><u>on the J2EE Engine that are an integral part of the Microsoft Windows 2000 and higher operating systems.</u></u> The Kerberos functions can be used for Windows Integrated Authentication in a Windows Domain, which makes use of a Microsoft Windows Domain Controller (DC) that acts as a KDC. For information about the integration of non-Windows server components in the Microsoft Kerberos Infrastructure, see the documents available from the Microsoft Developer Network (MSDN) at msdn.microsoft.com.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Correct, you don't need an Windows Server if you use Kerberos authentication with the SPNegoLoginModul.
What you need is an Active Directory domain. The clients have to be member of this domain. NT4 domain controllers can not act as a Kerberos KDC.
Please rewards points for helpful answers.
Regards
Christian
You have to create a windows user which represents the j2ee engine host, set a service principal name for this user and export a keytab file containing its kerberos key. The process is described here:
http://help.sap.com/saphelp_nw04/helpdata/en/43/4e80824d155f86e10000000a1553f6/frameset.htm<a href="http://help.sap.com/saphelp_nw04/helpdata/en/43/4e80824d155f86e10000000a1553f6/frameset.htm">Kerberos Key Distribution Center Configuration</a>
After that you have to copy the keytab file to your UNIX host and configure kerb5.conf on UNIX OS:
<a href="http://help.sap.com/saphelp_nw04/helpdata/en/43/4e80824d155f86e10000000a1553f6/frameset.htm">Importing Kerberos Configuration Files to the J2EE Engine</a>
Regards,
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.