on 03-15-2016 6:39 PM
We currently use NTLM single sign on for SAP on Windows. As soon as kerberos is enabled on an SAP system, it breaks sso on all PCs that don't have SAP Secure Login. If we install SAP Secure Login on a PC, it breaks sso for any systems for which spnego/kerberos isn't enabled yet.
It is not feasible for our company to roll out kerberos and secure login client as a "big bang" without testing. How can we transition so we do this in development first, then consolidation, then production?
Current Solution:
sec/libsapsecu = $(DIR_EXECUTABLE)\sapcrypto.dll
snc/gssapi_lib = $(DIR_EXECUTABLE)\gx64ntlm.dll
snc/identity/as = p:OURDOMAIN\SAPServiceSID
In su01, on the SNC tab, we specify p:NEXEOSOLUTIONS\<User Id>
New solution:
snc/identity/as | = p:CN=KerberosSID@OURDOMAIN.COM | |
spnego/enable = | 1 |
spnego/krbspnego_lib = $(DIR_EXECUTABLE)\SLL\sapcrypto.dl
In su01, on the SNC tab, we specify p:CN=<User Id>@OURDOMAIN.COM
Hello,
for the client side there is a migration guide available:
Then you can migrate the server side step by step. Of cause you need a new SAPGUI on the clients for that, but you can roll out this with the new Secure Login Client and the SNC_LIB_2 enviroment variables.
Maybe this hint helps you for a smooth migration solution.
best regards
Alexander Gimbel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.