
new spnego with multiple domain tree

Former Member
0 Kudos

Hello,

we configured on EP 7.02 spnego with AD domain EMEA.OUR-WORLD.COM, which works very well.

Now I also want to configure the trust relationship to the other domains like AMERICA.OUR-WORLD.COM and APA.OUR-WORLD.COM, to log in from these domains too. In the old spnego modules you can configure this in krb5.conf. But I can't find a file of this name anymore.

How can I do this now?

Thanks for help!

Wolfgang

6 REPLIES 6

Former Member
0 Kudos

Hi,

I don't think you have anything to do from the SAP side.

The trust relationship has to be done for the Windows Domain controllers of the different domains.

This works in my company.

Regards,

Olivier

0 Kudos

Hi Olivier,

yes you are right, there is a trust relationship configured between the three domain controllers.

But how can I tell the spnego module, if a user is coming from AMERICA.OUR-WORLD.COM, to trust this domain too?

Do I have to define a new realm for each domain with its own keytab file and service user?

Or do I just have to modify the krb5.ini/conf directly? But where can I find this file?

Regards,

Wolfgang

0 Kudos

Hi Wolfgang,

We don't use SAP spnego/kerberos standard implementation but a SAP certified product because, at the time, SAP Kerberos could only use DES which was forbidden in my company.

So, I don't know if there is a specific configuration for multiple Windows domains with SAP standard kerberos.

But I do know that I did not have to configure anything specific to multi domain for the product I use.

Regards,

Olivier

cathal_ohare
Employee
0 Kudos

Hi,

As far as I can tell for the new SPNego, for each Domain you just add a new realm at the start of the wizard, then follow the same configuration for the initial realm.

Kind regards,

Cathal

Edited by: Cathal O'Hare on Jul 27, 2011 8:56 PM

0 Kudos

Hi Cathal,

for my understanding: do I need a new keytab file for each domain controller/domain with its own service user to add the realms?

Kind regards

Wolfgang

0 Kudos

Hi Wolfgang,

As the keytab file depends on the Domain, yes you would have to create one for each domain.

Kind regards,

Cathal
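
The thread ends with one keytab per domain, and an earlier reply notes that DES was not acceptable. As an added example (not from the thread and not SAP code), this Python script reads a set of keytabs and reports which required realms have no entry and which principals still carry single-DES keys. It assumes the keytabs are in the MIT keytab format, version 0x0502; the `HTTP/portal.example.com` principal and the all-zero keys are constructed sample data.

```python
import struct
DES = {1: "des-cbc-crc", 3: "des-cbc-md5"}  # single-DES Kerberos enctype numbers

def counted(data, p):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return [(principal, realm, enctype)] from an MIT-format keytab (0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted entry
            pos += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            name, p = counted(data, p)
            comps.append(name)
        (etype,) = struct.unpack_from(">H", data, p + 9)  # skip name type, timestamp, kvno8
        entries.append(("/".join(comps), realm, etype))
        pos += size
    return entries

def check_realms(keytabs, required):
    """Return (realms with no keytab entry, principals that have DES keys)."""
    seen, weak = set(), []
    for blob in keytabs:
        for princ, realm, etype in parse_keytab(blob):
            seen.add(realm)
            if etype in DES:
                weak.append((f"{princ}@{realm}", DES[etype]))
    return sorted(set(required) - seen), weak

def sample_keytab(realm, etype, keylen):
    """Constructed one-entry keytab: HTTP/portal.example.com, all-zero key."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(realm.encode()) + s(b"HTTP") + s(b"portal.example.com")
            + struct.pack(">IIB", 1, 0, 1) + struct.pack(">HH", etype, keylen) + bytes(keylen))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    tabs = [sample_keytab("EMEA.OUR-WORLD.COM", 18, 32), sample_keytab("AMERICA.OUR-WORLD.COM", 3, 8)]
    print(check_realms(tabs, ["EMEA.OUR-WORLD.COM", "AMERICA.OUR-WORLD.COM", "APA.OUR-WORLD.COM"]))
```

With the constructed input, APA.OUR-WORLD.COM is reported as missing and the AMERICA entry is flagged for `des-cbc-md5`.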