on 06-01-2008 4:54 PM
Hi!
I have the following question regarding to establishment of u201CELSTERu201D-approach on windows.
I set up the whole approach with user <sid>adm.
When I create a u201Cpair of keysu201D with commando u201Csapgenpse get_pse u2026u201D
I get 2 errors:
a) the directory u201Csecu201D could not be found
b) the file file u201Cticketu201D could not be found
The directory u201Csecu201D as well as the file u201Cticketu201D should exist under path F:\usr\sap\<sid>\DVEBMGS00\sec.
The problem is that the commando uses the path C:\Documens and Settings\<sid>adm\...
Question:
How can this setting be changed? Does some environment variable exist therefore?
The second problem I get with execution of commando for u201Ccreate of credentialsu201D.
The errors/warnings are:
c) No SSO for USER u201C<sid>admu201D with PSE file u201CC:\Documents and Settings\<sid>adm\sec\elster_file.pseu201D.
d) No readable SSO-Credentials available
Question:
How can I create the SSO for USER <sid>adm to avoid the errors above?
Is that possible to log in with user SAPService<sid> under Windows?
Thank you very much indeed!
regards
Thom
check sapnote 662340....
GreetZ, AH
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi!
Thank you very much!
When I execute the commando >F:\usr\sap\SRP\SYS\exe\run>sapgenpse seclogin -l 2>&1
I get the following information:
running seclogin with USER="srpadm"
0: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE
C:\Documents and Settings\srpadm\sec\elster_SRP800.pse
NOT readable for srpadm
1: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE
C:\Documents and Settings\srpadm\sec\elster_SRP800.pse
NOT readable for srpadm
NO readable SSO-Credentials available (total 2)
Questions:
1) Are the bold warning critical?
2) How can I create the SSO-Credentials?
Thank you very much!
THom
Hi Tomas!
Thank you very much for your response.
It means I do not need to implement some additional steps for SSO credentials, only the both sapgenpse commandos.
Do I also need to make some additional steps in tcodes STRUST, SSFA?
An other question:
It seems that the company has some subsidiary companies.
Will the whole procedure be changed, regarding the installation of SAP BC and SAPCryptolib?
Do I need e.g. to create for every subsidiary company an separate .PSE file, pair of key, etc.?
Thank you very much!
Regards
Thom
Hi,
You will need to add 2 enviroment variables:
SECUDIR = F:\usr\sap\<sid>\DVEBMGS00\sec
SNC_LIB = <path>\sapcrypto.dll
If you want to run single sign-on via gssapi.
change SNC_LIB=<path>\gssntlm.dll
also add 3 parameters to the instance profile
snc/enable = 1
snc/gssapi_lib = <path>\gssntlm.dll
snc/identity/as = p:<DOMAIN>\SAPService<SID>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.