SAPGui and Kerberos with Suse Linux

Oct 26, 2016 at 11:23 AM


We are configuring the SSO between the Windows AD and the SAPGui using Kerberos on one of our AP servers. Our SAP system is a SAP ECC EhP7 with NetWeaver 7.40 where the CI is running on HP-UX, but one of the AP servers is running on Linux 3.12.49-11-default x86_64.

We have installed the following libraries:




The keytab from the CI has been copied to the /etc directory on the AP server. Using the SIDADM user we have generated the ticket: /usr/bin/kinit -k -t /etc/krb5.keytab ht1adm@XHIJT.SEV.COM

On RZ10, we have added the following SNC parameters:

### SNC parameters

snc/permit_insecure_start = 1

snc/data_protection/use = 3

snc/data_protection/max = 3

snc/data_protection/min = 1

snc/accept_insecure_r3int_rfc = 1

snc/accept_insecure_rfc = 1

snc/accept_insecure_cpic = 1

snc/accept_insecure_gui = 1

snc/gssapi_lib = /usr/lib64/

snc/enable = 1

snc/identity/as = p: ht1adm@XHIJT.SEV.COM

login/password_change_for_SSO = 0

The AP server can be started without problems, but when we try to access the system via SSO we get this error:

M ThSncCheckEnv: I'm SNC acceptor

M ThSncCheckEnv: initialized snc env

M ThSncCheckEnv: snc count of T16/U23: 1

M ThSncIn: process input data at 7fe7ea30b008 with length 1812

N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3563]

N GSS-API(maj): No credentials were supplied, or the credentials were unavailable or inaccessible

N Unable to establish the security context

N <<-SncProcessInput()==SNCERR_GSSAPI

M *** ERROR => ThSncIn:SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 1035]

M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0

M *** ERROR => ThSncIn: SncProcessInput[thxxsnc.c 1040]

M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0

M in_ThErrHandle: 1

M *** ERROR => ThSncIn:SncProcessInput (step 4, th_errno 44, action 1, level 1)[thxxhead.c 11560]

M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0

Does anyone know what could be happening? We have already checked the SECUDIR and SECULIB, and the server hostname is in the DNS.

SSO is working without problems on the CI that is running on HP-UX; the problem is happening on the AP server, which is running on SUSE Linux.

Thanks a lot and best regards, Sapera
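
An added example, not part of the original post and not SAP code: a small Python lint over the SNC profile fragment quoted in the post. It flags values worth re-checking on the Linux instance: a snc/gssapi_lib value with no library file name, an SNC name that does not match the assumed p:principal@REALM form, and settings that still admit connections without SNC. The function names are hypothetical, and the findings are review prompts, not a diagnosis of the error in the trace.

```python
import re

# Profile fragment copied from the post above.
PROFILE = """\
### SNC parameters
snc/permit_insecure_start = 1
snc/data_protection/use = 3
snc/data_protection/max = 3
snc/data_protection/min = 1
snc/accept_insecure_r3int_rfc = 1
snc/accept_insecure_rfc = 1
snc/accept_insecure_cpic = 1
snc/accept_insecure_gui = 1
snc/gssapi_lib = /usr/lib64/
snc/enable = 1
snc/identity/as = p: ht1adm@XHIJT.SEV.COM
login/password_change_for_SSO = 0
"""

def parse_profile(text):
    """Return {parameter: value}, skipping blank lines and '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def lint_snc(params):
    """Return {parameter: finding} for settings worth a second look."""
    findings = {}
    lib = params.get("snc/gssapi_lib", "")
    if not lib or lib.endswith("/"):
        findings["snc/gssapi_lib"] = "no library file name, only a directory"
    # Assumption: a Kerberos SNC name is written p:principal@REALM, no spaces.
    if not re.fullmatch(r"p:[^\s@]+@[^\s@]+", params.get("snc/identity/as", "")):
        findings["snc/identity/as"] = "not in the form p:principal@REALM"
    for key, value in params.items():
        if key.startswith("snc/accept_insecure_") and value == "1":
            findings[key] = "connections without SNC are still accepted"
    if params.get("snc/permit_insecure_start") == "1":
        findings["snc/permit_insecure_start"] = "programs may start without SNC"
    if params.get("snc/data_protection/min") in ("1", "2"):
        findings["snc/data_protection/min"] = "below 3 (privacy protection)"
    return findings

if __name__ == "__main__":
    for key, finding in lint_snc(parse_profile(PROFILE)).items():
        print(f"{key}: {finding}")
```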

