cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Installation of SAPCryptolib

Former Member

on ‎06-01-2008 4:54 PM

0 Kudos

Hi!

I have the following question regarding to establishment of u201CELSTERu201D-approach on windows.

I set up the whole approach with user <sid>adm.

When I create a u201Cpair of keysu201D with commando u201Csapgenpse get_pse u2026u201D

I get 2 errors:

a) the directory u201Csecu201D could not be found

b) the file file u201Cticketu201D could not be found

The directory u201Csecu201D as well as the file u201Cticketu201D should exist under path F:\usr\sap\<sid>\DVEBMGS00\sec.

The problem is that the commando uses the path C:\Documens and Settings\<sid>adm\...

Question:

How can this setting be changed? Does some environment variable exist therefore?

The second problem I get with execution of commando for u201Ccreate of credentialsu201D.

The errors/warnings are:

c) No SSO for USER u201C<sid>admu201D with PSE file u201CC:\Documents and Settings\<sid>adm\sec\elster_file.pseu201D.

d) No readable SSO-Credentials available

Question:

How can I create the SSO for USER <sid>adm to avoid the errors above?

Is that possible to log in with user SAPService<sid> under Windows?

Thank you very much indeed!

regards

Thom

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

andreas_herzog
Active Contributor
‎06-02-2008 9:44 AM
0 Kudos

check sapnote 662340....

GreetZ, AH

Show replies
Show replies
Former Member
‎06-02-2008 10:26 AM
0 Kudos

Hi!

Thank you very much!

When I execute the commando >F:\usr\sap\SRP\SYS\exe\run>sapgenpse seclogin -l 2>&1

I get the following information:

running seclogin with USER="srpadm"

0: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE

C:\Documents and Settings\srpadm\sec\elster_SRP800.pse

NOT readable for srpadm

1: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE

C:\Documents and Settings\srpadm\sec\elster_SRP800.pse

NOT readable for srpadm

NO readable SSO-Credentials available (total 2)

Questions:

1) Are the bold warning critical?

2) How can I create the SSO-Credentials?

Thank you very much!

THom

Former Member
‎06-02-2008 11:08 AM
0 Kudos

You need to add the user to the pse-file.

If you are logged on as the wanted user already

sapgenpse seclogin -p elster_SRP800.pse

or, if adding for another user

sapgenpse seclogin -p elster_SRP800.pse -O <username>

Former Member
‎06-02-2008 6:12 PM
0 Kudos

Hi Tomas!

Thank you very much for your response.

It means I do not need to implement some additional steps for SSO credentials, only the both sapgenpse commandos.

Do I also need to make some additional steps in tcodes STRUST, SSFA?

An other question:

It seems that the company has some subsidiary companies.

Will the whole procedure be changed, regarding the installation of SAP BC and SAPCryptolib?

Do I need e.g. to create for every subsidiary company an separate .PSE file, pair of key, etc.?

Thank you very much!

Regards

Thom

Former Member
‎06-01-2008 9:13 PM
0 Kudos

Hi,

You will need to add 2 enviroment variables:

SECUDIR = F:\usr\sap\<sid>\DVEBMGS00\sec

SNC_LIB = <path>\sapcrypto.dll

If you want to run single sign-on via gssapi.

change SNC_LIB=<path>\gssntlm.dll

also add 3 parameters to the instance profile

snc/enable = 1

snc/gssapi_lib = <path>\gssntlm.dll

snc/identity/as = p:<DOMAIN>\SAPService<SID>

Show replies
Show replies
Ask a Question