Former Member

SNC Using Kerberos DLL

Hi All,

I am enabling SNC using the Kerberos DLL. I have made the required changes in the instance profile on the server and installed the SAPSSO Windows installer on my desktop. Given the instance profile parameter value snc/identity/as = "p:xxxxxxx" in the Network tab in SAPGUI, after activating SNC I selected the option "maximum security settings available".

I am getting the Error : No user exists with SNC name "p:prps

My questions are:

1) Do we need to create a Windows user on the server with the same name as the desktop user (prps)? How can we map the desktop user (prps) to the SAP user (devp1)?

2) Will disabling the profile parameter snc/accept_insecure_gui = 1 stop users without SNC, SAPSSO on their machines? How can we restrict users from logging in without SNC?

Instance Profile parameters

#snc/permit_insecure_start = 1

#snc/accept_insecure_rfc = 1

snc/accept_insecure_gui = 1

#snc/accept_insecure_cpic = 1

snc/identity/as = p:sap50uc

snc/gssapi_lib = E:\usr\sap\DV2\SYS\exe\run\gsskrb5.dll

snc/enable = 1

#snc/data_protection/use = 1

#snc/data_protection/min = 1

#snc/data_protection/max = 1

Thanks for the quick reply

Regards,

Srinivas.P


2 Answers

  • Posted on Aug 31, 2009 at 07:59 PM

    Hi,

    Just to your first question:

    If you assign the SNC name of your Windows user (e.g. p:prps(at)domain.xxx) to your SAP user (devp1) on the SNC tab page in SU01, it should work.

    And please be aware that the SNC name in SAP is case sensitive, meaning that if you log on to Windows with lowercase letters, the SNC name in SAP has to be in lowercase letters too.

    Second question: I do not know.

    Regards

    Rolf


  • Former Member
    Posted on Sep 16, 2009 at 08:47 PM
    I am getting the Error : No user exists with SNC name "p:prps

    You should always specify the full user name, including the domain.

    1) Do we need to create a Windows user on the server with the same name as the desktop user (prps)?
    How can we map the desktop user (prps) to the SAP user (devp1)?

    The users should belong to the same domain or the different domains should have a trust between them.

    2) Will disabling the profile parameter snc/accept_insecure_gui = 1 stop users without SNC,
    SAPSSO on their machines? How can we restrict users from logging in without SNC?

    This is the parameter to use. If you specify snc/accept_insecure_gui = 0 you are only allowed to use SSO.

    Beware that you could get problems if you need to use users like DDIC.

    When you activate SNC, you get the SNC tab in SU01.

    There you have the possibility to specify for each user whether they are allowed to log on only via SSO or not.

    I think this is a more controlled way of handling users.

    Sometimes, e.g. in a warehouse, you have common computers always logged on to Windows but not into SAP.

    If several users share the same PC, not allowing "normal" SAPGUI would ruin their day.

    Instance Profile parameters 
    snc/identity/as = p:sap50uc

    Once again, please specify the full name of the user. Include the domain.

    Either the format <domain>\<username> or <username>@<domain>.

    Edited by: Tomas Gustafsson on Sep 16, 2009 10:47 PM
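
An added example, not part of the original thread and not SAP tooling: a small Python check that reads an instance profile like the one posted, reports active snc/accept_insecure_* = 1 settings and an snc/identity/as without a domain, and explains why a presented SNC name fails to match an SU01 entry. The function names, the shortened sample profile and the domain example.test are constructed for illustration; the accepted name formats are the two given in the answer above.

```python
import re

# Constructed sample: a shortened copy of the profile lines posted in the question.
SAMPLE_PROFILE = """\
#snc/accept_insecure_rfc = 1
snc/accept_insecure_gui = 1
snc/identity/as = p:sap50uc
snc/enable = 1
"""

def parse_profile(text):
    """Return active 'name = value' pairs; lines starting with '#' are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def has_domain(snc_name):
    """True if the name has the <domain>\\<username> or <username>@<domain> form."""
    principal = snc_name[2:] if snc_name.startswith("p:") else snc_name
    return bool(re.fullmatch(r"[^\\@]+\\[^\\@]+|[^\\@]+@[^\\@]+", principal))

def audit_profile(params):
    """List findings for the SNC settings discussed in the thread."""
    findings = []
    if params.get("snc/enable") != "1":
        findings.append("snc/enable is not 1")
    for name, value in sorted(params.items()):
        if name.startswith("snc/accept_insecure_") and value == "1":
            findings.append(f"{name} = 1: logons without SNC are accepted")
    identity = params.get("snc/identity/as", "")
    if identity and not has_domain(identity):
        findings.append(f"snc/identity/as = {identity}: domain missing")
    return findings

def diagnose_snc_name(presented, su01_names):
    """Say why a presented SNC name matches no SU01 entry (match is case sensitive)."""
    if presented in su01_names:
        return "match"
    if not has_domain(presented):
        return "domain missing"
    if presented.lower() in {n.lower() for n in su01_names}:
        return "case mismatch"
    return "no mapping"

if __name__ == "__main__":
    print(audit_profile(parse_profile(SAMPLE_PROFILE)))
```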
