Skip to Content
0
Jan 12, 2008 at 11:56 AM

SNC for server to server - interop question

53 Views

If SNC is used on a SAP system the snc/gssapi_lib param on the system is used to determine which SNC library to use, so if an RFC is submitted on one server to communicate with another and the session is secured using SNC the same snc/gssapi_lib library (or one which is interoperable) needs to be configured on both systems. e.g. They both need to communicate using the same protocols.

If above is not possible, e.g. for company to company communications one company might be using a Kerberos gss-api library for SSO purposes and the other company might be using the SAP supplied SAPSECULIB, or another vendor SNC library - in this case, how can we make the two servers communicate using SNC ?

My initial ideas are:

1. We could use a gss-api library that negotiates which protocol to use (using SPNEGO mechanism oid) and then it would be possible to use x.509 on one system and Kerberos on another. I am not aware of such a library existing, so perhaps this creates an opportunity for a vendor such as us to code and sell ???

2. I wondered if there was a way to setup an intermediate system, e.g. using SAP router so that RFCs can be run between systems using different SNC libraries. I am not familiar with SAP Router to know if this can be done, so if anybody can help me I would appreciate it.

3. Maybe SAP are planning to allow multiple snc/gssapi_lib parms so that multiple protocols can be supported by one system ? If this was the case we would not have any problem.

If anybody has any ideas or information to help me with this I would be very grateful.

Thanks,

Tim