SSO for SAPGUI using SNC

Former Member
0 Kudos

Is there a 64-bit version of the libgssapi_krb5.so available? When I point the snc/gssapi_lib to this file it fails to load. I am trying to set this up on a Solaris 5.10 Sparc 64bit box, and I thought a 32 bit file could still be read by the 64 bit system, but so far it can't.

I tried updating my LD_LIBRARY_PATH to include /opt/SFP/krb5-1.6.3/lib, as I thought it was an environment issue, but my UNIX support seems to think it is an issue with the 32-bit lib not being able to be opened on our 64-bit system.

The error states "wrong ELF Class: ELFCLASS32"

Thanks,

Accepted Solutions (1)


Former Member
0 Kudos

Thanks, I had been talking with UNIX about compiling it, but I wanted to be sure 64-bit wasn't available. I'll share this link with them and see what they can do. I appreciate the help.

Former Member
0 Kudos

Our UNIX team was able to compile the 32 bit into a 64 bit library and now they have loaded successfully.

However, I have a new error now that the libraries have loaded. I think I need to work on getting all the other parts in place now, because on the domain side we have nothing set up yet. I assume this portion will not work until I have the name properly defined with a domain extension?

SncInit(): Initializing Secure Network Communication (SNC)

N Solaris on SPARCV9 CPU (st,ascii,SAP_UC/size_t/void* = 16/64/64)

N SncInit(): found snc/data_protection/max=1, using 1 (Authentication Level)

N SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)

N SncInit(): found snc/data_protection/use=1, using 1 (Authentication Level)

N SncInit(): found snc/gssapi_lib=/usr/local/lib/libgssapi_krb5.so

N File "/usr/local/lib/libgssapi_krb5.so" dynamically loaded as GSS-API v2 library.

N The internal Adapter for the loaded GSS-API mechanism identifies as:

N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2

N *** ERROR => SncPGSSImportName()==SNCERR_GSSAPI [sncxxall.c 2637]

N GSS-API(maj): An invalid name was supplied

N Import of a name failed

N name="p:CN=SAPService"

N <<- SncInit()==SNCERR_GSSAPI

N sec_avail = "false"

Edited by: David Harris on Feb 17, 2010 7:09 PM

markus_doehr2
Active Contributor
0 Kudos

> N File "/usr/local/lib/libgssapi_krb5.so" dynamically loaded as GSS-API v2 library.

> N The internal Adapter for the loaded GSS-API mechanism identifies as:

> N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2

> N *** ERROR => SncPGSSImportName()==SNCERR_GSSAPI [sncxxall.c 2637]

> N GSS-API(maj): An invalid name was supplied

> N Import of a name failed

> N name="p:CN=SAPService"

What is your instance profile parameter value for

snc/identity/as

Markus

Former Member
0 Kudos

snc/identity/as is set to p:CN=SAPService

I have asked domain support to create a ticket granting user in Active Directory. I had wanted SAPService as the name, but I think they will probably change it.

From note 352295, I also asked them to run the SPN script for the user they create on the domain.

I believe it would be like this: "SETSPN -A SAPService/dontcare \SAPService"

I then told them to generate my keytab file from AD and send it to me, so I can put it on my own server.

markus_doehr2
Active Contributor
0 Kudos

> snc/identity/as is set to p:CN=SAPService

You need a full Kerberos name such as

p:SAPService/domain@DOMAIN

Keep in mind that capitalization needs to be done according to krb5.conf. Kerberos is VERY picky about that.

Markus

Former Member
0 Kudos

We were finally able to get our domain support to create a user, and now that part works. The new error is another compiling error for another library, so I am working with UNIX again to compile it. Thank you for the help Markus.

Edited by: David Harris on Mar 10, 2010 4:05 PM

Answers (1)


markus_doehr2
Active Contributor
0 Kudos

> I tried updating my LD_LIBRARY_PATH to include /opt/SFP/krb5-1.6.3/lib, as I thought it was an environment issue, but my UNIX support seems to think it is an issue with the 32-bit lib not being able to be opened on our 64-bit system.

>

> The error states "wrong ELF Class: ELFCLASS32"

Yes, because a 64-bit program can't load a 32-bit library.

You can compile your own:

http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html

Markus
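
An added example, not part of the original thread: a small Python check that reads the ELF class and machine type of a program and of the library named in snc/gssapi_lib, so a "wrong ELF Class" mismatch is caught before the work process tries to load it. The sample headers are constructed for illustration; pass real file paths on the command line to check actual binaries.

```python
import struct
import sys

ELF_CLASS = {1: "ELFCLASS32", 2: "ELFCLASS64"}
ELF_DATA = {1: "<", 2: ">"}  # EI_DATA: 1 = little-endian, 2 = big-endian


def elf_ident(header: bytes):
    """Return (class_name, e_machine) from the first 20 bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    try:
        cls = ELF_CLASS[header[4]]
        order = ELF_DATA[header[5]]
    except KeyError:
        raise ValueError("invalid EI_CLASS or EI_DATA byte") from None
    # e_type and e_machine follow the 16-byte e_ident in both ELF classes.
    _e_type, e_machine = struct.unpack(order + "HH", header[16:20])
    return cls, e_machine


def can_load(program: bytes, library: bytes) -> bool:
    """A process can only map shared objects of its own class and machine."""
    return elf_ident(program) == elf_ident(library)


def read_header(path):
    with open(path, "rb") as f:
        return f.read(20)


def _sample(ei_class, e_machine):
    """Build a constructed big-endian ELF header (not taken from a real file)."""
    ident = b"\x7fELF" + bytes([ei_class, 2, 1]) + b"\x00" * 9
    return ident + struct.pack(">HH", 3, e_machine)


PROG_64 = _sample(2, 43)  # constructed: ELFCLASS64, EM_SPARCV9 (43)
LIB_32 = _sample(1, 2)    # constructed: ELFCLASS32, EM_SPARC (2)
LIB_64 = _sample(2, 43)   # constructed: ELFCLASS64, EM_SPARCV9 (43)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <program> <library>
        prog, lib = (read_header(p) for p in sys.argv[1:3])
    else:
        prog, lib = PROG_64, LIB_32
    print(elf_ident(prog), elf_ident(lib), "loadable:", can_load(prog, lib))
```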