- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- SNC and kerboros setup in Unix
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SNC and kerboros setup in Unix
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2009 6:35 AM
Hi,
Our SAP systems installed on Linux server.Customer wanted to implmnt SSO between windows SAPGUI to SAP systems.for this we can use SNC/kerberos setup, I was implemnetd on windows SAP environment.but i dont have experiace to configure in Linux.
Customer wanted to implemnt this , can you please suggest how to implemnt SNC/kerboros in Linux.Also let me know what are the ports required to authenticate
- Amy
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2009 8:43 AM
Amy,
The quick answer is that you have a few options - you can either try to make the Kerberos library provided with Linux work with SAP (not easy), you can download a more uptodate open source implementation of Kerberos, compile and make work with SAP (requries development skills), or you can purchase a Kerberos SNC library which supports Linux, and is SAP certified (the best option if you want a supported solution). You can find details of commercial offerings like this on SAP EcoHub, at http://ecohub.sdn.sap.com.
This subject has been covered many times in this forum. I therefore suggest you search this forum and search EcoHub using keywords such as SNC Linux Kerberos
Once you have searched, if you have any specific questions, please let me know.
Thanks,
Tim
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2009 5:01 PM
Tim,
Which method I should follow SNC or kerberos ?
And I have one me thing Actually our SAP servers unstalled on Linux box in data center which is located in different hosting partner.And did not connected to Local Active directory server.Iam not sure how to synch AD with linux box.
Do i need to do any additional settings for to synch AD with linux box.
- Amy
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2009 5:05 PM
>
> Tim,
>
> Which method I should follow SNC or kerberos ?
You need both. SNC is the interface provided in SAP software, and when you implement SNC it requires a library. The library needs to support GSS-API standards and any cryptographic mechanism, e.g. Kerberos. In summary - you need an SNC library that implements the protocol known as Kerberos.
> And I have one me thing Actually our SAP servers unstalled on Linux box in data center which is located in different hosting partner.And did not connected to Local Active directory server.Iam not sure how to synch AD with linux box.
I have setup similar environment many times. There are many ways to do it, and it depends on the network connectivity between your company network and hosting partner. Since we are discussing solutions which are not provided by SAP, I suggest we don't use this SDN forum to continue this discussion.
> Do i need to do any additional settings for to synch AD with linux box.
You will need to create a computer account in AD for each SAP instance. There is no sync required.
> - Amy
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2009 1:57 AM
Tim,
Thanks for your reply.What account I have to create in AD?
Is that service user like <sid>adm ? and what privilages it required ?
Because I know how to setup in Windows but not done in Unix.So please let me know if you have any addtional details.
- Amy
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2009 7:54 AM
>
> Tim,
>
> Thanks for your reply.What account I have to create in AD?
This depends on which solution you are using. I am more familiar with commercial and supported solutions, and they provide a utility which creates a computer account, generates a random password for this account, and then generates an encryption key from this password and stores same in a key table file on the unix server.
>
> Is that service user like <sid>adm ? and what privilages it required ?
Not normally. The account is a unique computer account created for each SAP instance you are enabling for SNC.
> Because I know how to setup in Windows but not done in Unix.So please let me know if you have any addtional details.
Windows and unix are different. I cannot provide details of commercial offerings in this forum.
> - Amy
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2009 9:03 AM
Please provide me some more details.Actually i have to initiate this process at the earliest
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2009 9:07 AM
Amy,
I have already told you that I cannot give details of commercial solutions for Kerberos/SNC products using this forum. If you need help urgently you need to contact me using email.
Thanks,
Tim
- SAP Managed Tags:
- Security
