03-16-2007 11:08 AM
Hi,
I'm trying to install an SSO for SAP (AIX 5.2) using Windows AD-Kerberos for authentication.
Server AIX 5.2 64-bit + SAP
I first installed a Kerberos client on AIX 5.2 (documentation: www.ibm.com/servers/aix/whitepapers/aix_kerberos2.pdf). Everything is OK.
Then I configured SAP using the document found on http://www.microsoft.com/technet/security/guidance/identitymanagement/idmanage/P3Intran_3.mspx
But I get an error when using snc/gssapi_lib = /usr/lib/security/KRB5A_64
Did you manage to use SNC on AIX 5.2 64-bit?
Thanks for any answer,
Herve
ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_acquire_cred
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_release_cred
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_init_sec_context
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_accept_sec_context
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_delete_sec_context
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_context_time
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_display_status
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_indicate_mechs
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_compare_name
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_display_name
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_import_name
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_release_name
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_release_buffer
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_release_oid_set
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_inquire_cred
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_inquire_context
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_export_sec_context
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_import_sec_context
N [sncxxdl.0717]*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter (#0) /usr/lib/security/KRB5A_64 not loaded
N [sncxxdl.0613]<<- SncInit()==SNCERR_INIT
N sec_avail = "false"
M ***LOG R19=> ThSncInit, SncInit ( SNC-000001) [thxxsnc.c 219]
M *** ERROR => ThSncInit: SncInit (SNCERR_INIT) [thxxsnc.c 221]
M in_ThErrHandle: 1
M *** ERROR => SncInit (step 1, th_errno 44, action 3) [thxxhead.c 8267]
03-16-2007 11:25 AM
Leon,
The AIX library you have installed (/usr/lib/security/KRB5A) is not a GSS-API library, and this is why SAP SNC does not find the function entry points it is expecting. In order to use SNC with Kerberos on AIX you need to purchase a SAP SNC certified GSS-API library which is available on AIX 5L. There are many posts on the SDN security forum which discuss this same issue, so I suggest you look in SDN first, and if you are still not able to find what you are looking for let me know, either via this forum or privately, and I will point you in the right direction.
Regards,
Tim
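
A way to triage a trace like the one in the question, added here as an example and not part of either post: it pulls the adapter path and the unresolved entry points out of the SNC trace, then checks whether a candidate library exports them before it is set in snc/gssapi_lib. The function names and the candidate path are hypothetical; the trace excerpt is shortened from the post above, and the check assumes a Python build of the same bitness as the library.

```python
import ctypes
import re
import sys

UNRESOLVED = re.compile(r"SncIResolveFunctions\(\): Unresolved GSS-API call: (\w+)")
NOT_LOADED = re.compile(r"SncPDLInit\(\)==SNCERR_INIT, Adapter \(#\d+\) (\S+) not loaded")

# Excerpt of the trace posted above (three of the unresolved calls kept).
SAMPLE_TRACE = """\
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_acquire_cred
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_init_sec_context
N [sncxxdl.0717]*** ERROR => SncIResolveFunctions(): Unresolved GSS-API call: gss_accept_sec_context
N [sncxxdl.0717]*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter (#0) /usr/lib/security/KRB5A_64 not loaded
N [sncxxdl.0613]<<- SncInit()==SNCERR_INIT
"""

def parse_snc_trace(text):
    """Return (adapter path or None, unresolved GSS-API names in trace order)."""
    adapter, unresolved = None, []
    for line in text.splitlines():
        m = UNRESOLVED.search(line)
        if m and m.group(1) not in unresolved:
            unresolved.append(m.group(1))
        m = NOT_LOADED.search(line)
        if m:
            adapter = m.group(1)
    return adapter, unresolved

def missing_exports(lib_path, names):
    """Names that lib_path does not export; None if the library cannot be loaded.

    Loading runs the library's initialisers, so only point this at libraries
    that would be trusted inside the SAP work process anyway.
    """
    try:
        lib = ctypes.CDLL(lib_path)
    except OSError:
        return None
    return [n for n in names if not hasattr(lib, n)]

if __name__ == "__main__":
    # Usage: script.py <trace file> <candidate library>; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    adapter, names = parse_snc_trace(text)
    print("adapter that failed to load:", adapter)
    print("entry points SNC could not resolve:", len(names))
    if len(sys.argv) > 2:
        print("missing in candidate:", missing_exports(sys.argv[2], names))
```

An empty list from `missing_exports` means the candidate exports every entry point the trace complained about; the full list coming back, as the trace shows for KRB5A_64, means the file is not a GSS-API library at all.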