Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Activating SNC in SAP

Former Member

‎12-21-2006 5:57 PM

0 Kudos

Hi everybody,

First of all, please excuse me if I'm not posting in the right group. If

so, could you please redirect me to the appropriate forum?

Ok, so here's my problem...

I'm trying to activate SNC on a IDES SAP ERP 2005 (NW04s) system (running on a Solaris 10 x64). I followed the documentation inscructions and

added the following parameters to my SAP instance profile (using the

RZ10 transaction)

snc/enable = 1

snc/data_protection/min = 1

snc/data_protection/max =13

snc/data_protection/use = 1

snc/accept_insecure_gui = 1

snc/accept_insecure_cpic = 1

snc/accept_insecure_rfc = 1

snc/accept_insecure_r3int_rfc = 1

snc/r3int_rfc_secure = 0

snc/permit_insecure_start = 1

snc/gssapi_lib = /usr/lib/snckrb5.so

snc/identity/as = p:user@xx.xxx.xx

My GSS-API library successfully passed the tests done by the sap test

tool.

When I restart my SAP system I get the following error in the Syslog:

Initialization SNC Failed, Return Code -000004 or Initialization SNC Failed, Return Code -000001

This error is repeated several times, then the server terminates.

Does anyone have an idea of what I'm doing wrong?

Thanks for your help,

9 REPLIES 9

Former Member

‎12-22-2006 9:13 PM

0 Kudos

Hi,

Can you recheck Parameters

snc/data_protection/max =13

snc/data_protection/use = 1

snc/gssapi_lib = /usr/lib/snckrb5.so

For more helpful you can check with the following link

http://help.sap.com/saphelp_nw04/helpdata/en/19/164442c1a1c353e10000000a1550b0/frameset.htm

Cheers

Soma

Former Member

‎12-25-2006 2:27 PM

0 Kudos

I'm set parameter

snc/identity/as = u:user@xx.xxx.xx and all working!

Message was edited by:

Peter Bachofer

tim_alsop
Active Contributor

‎12-26-2006 10:03 AM

0 Kudos

Alexandr,

It looks like you are trying to use the Kerberos library provided with Solaris 10 x64. The use of this library is not supported by SAP, so I doubt you will get much help using this forum. Instead, you might want to consider using a SAP certified and supported solution, as mentioned many times elsewhere in this forum. If you search this Security forum for keywords such as "SNC", "Kerberos", and "UNIX" I am sure you will find details of how other companies have solved this problem.

Thanks,

Tim

Former Member

‎12-27-2006 8:23 AM

0 Kudos

Thanks Peter Bachofer!

All working after set new parameter.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎12-27-2006 10:15 AM

0 Kudos

Well, frankly speaking I doubt that your happiness will last long.

To me it looks like you've been extremely lucky - and it honestly surprises me that "u:user@..." works since all SNC names have to start with "p:".

It also looks weird that you assign a user credential to a server.

Last but not least: Tim is right stating that you are using a non-certified solution (at your own risk).

Nether-the-less: I wish you Good Luck for the New Year.

Cheers, Wolfgang

Former Member

‎12-27-2006 11:11 AM

0 Kudos

I do not know! All works great! No complaints there!

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎12-27-2006 11:12 AM

0 Kudos

Well, be happy then (and consider yourself lucky).

But don't be surprised if problems arise, later on.

Cheers, Wolfgang

Former Member

‎12-27-2006 11:14 AM

0 Kudos

See later!

tim_alsop
Active Contributor

‎09-03-2007 1:37 PM

0 Kudos

Eugeny,

I know this is an old thread, but I wondered if you still need any help. I also wanted to ask if you can award SDN points to answers provided already.

Thanks,

Tim