on 07-09-2015 7:19 PM
Hello everybody,
we have upgraded the SAP System NW 701 ERP 604 Kernel 721 ext unicode
to Linux RHEL7 and installed the follwoing packages:
cyrus-sasl-gssapi-2.1.26-17.el7.x86_64
krb5-libs-1.12.2-14.el7.x86_64
pam_krb5-2.4.8-4.el7.x86_64
krb5-workstation-1.12.2-14.el7.x86_64
and customized SNC Parameter in SAP and active Directory.
In GSS Test we get this error:
ERROR: OUCH! Lifetime has increased by 20195 sec while 0 sec passed!
RESULT NOT ok (rc=1)
ERROR: OUCH! Lifetime has increased by 20195 sec while 0 sec passed!
Status: gss_compare_name() == (GSS_S_COMPLETE)
result = FALSE
ERROR: acquiring default credentials: comparison of name1 and name2 failed!
RESULT NOT ok (rc=2)
ERROR: acquiring default credentials: comparison of name1 and name2 failed!
RESULT NOT ok (rc=2)
Have any boddy an idea about this error?
many thanks / Esfandiar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
we found this worarround solution due to SSO under RHEL 7 :
1) download krb5-lib-source-Paket from RHEL5 of RedHat (krb5-1.6.1-70.el5_9.2.src.rpm)
· Install it on a System with RHEL5) – rpm –i krb5-1.6.1-70.el5_9.2.src.rpm
· after that is a krb5-1.6.1.tar.gz-File created. (this secure file is needed for RHEL7 and should be compiled as follows:
· ./configure –prefix=/.../libgssapi-rhel5
· and .. make install
· --> libgssapi_krb5.so.2.2 is created .
2) the profile parameter in SAP: snc/gssapi_lib=/.../libgssapi-rhel5/lib/libgssapi_krb5.so.2.2
·
restart SAP
--> libgssapi-rhel5 cab be copied to other Systems (and change the paramater in SAP)
Best Regards / Esfandiar
Hello,
with RHEL7.2 it is fixed:
Identity Management now uses the mod_auth_gssapi
module, which uses GSSAPI calls instead of direct Kerberos calls used by the previously used mod_auth_kerb
module.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.