Skip to Content
avatar image
Former Member

SSO using kerberos on AIX and Windiws ADS


We have our ECC6 system on AIX 5.3 and users on windows platform (XP) using Windows 2003 ADS.

We were able to setup SSO using 2 easy steps for windows based sap servers and windows xp user systems using ADS.

My first question is - what file should I use for AIX system in the following profile parameter?

snc/gssapi_lib = E:\usr\sap\SIDSYS\exe\uc\NTAMD64\gssapi32.dll

Where can I download it from?

Where should I save it to?

Is there any other steps to be done for AIX with Windows ADS?

I created a message to SAP, and they came back and said that I have to ask the OS provider for the kerberos. As well, SAP said that they would not be able to support this.

Is this possible? I have looked at couple of postings on sdn which says that this is possible. But, I could not get in to the real details. I am stuck in the first step itself on getting the file.

If any of you have any inputs, pls help

Thank you.. JZKALH

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Jan 06, 2010 at 04:15 PM


    You need to set snc/gssapi_lib to refer to a shared library, not a dll. The dll is for windows only, and on UNIX a shared library is used instead. Normally the shared library has file type .so (.sl on HP-UX).

    The GSS-API v2 SNC library you requrie is not provided with AIX operating system. Instead, you either need to download and compile an open source implementation of kerberos and use the shared library included with that code - this is not easy unless you have C development skills and have indepth knowledge of Kerberos, and it will not be supported by anybody (including IBM or SAP). The preferred solution is to buy a product from a SAP partner which includes AIX version of the SNC GSS-API v2 library, and then you will get a fully supported solution. I am surprised that SAP didn't tell you about this option ?



    Add comment
    10|10000 characters needed characters exceeded

    • Kyle,

      The method you described for finding SNC parnters is not the best/latest method - I am posting this info in case somebody else in future reads this thread (which has been marked answered). The best and recommended approach is to look on SAP EcoHub. There is tab at top of this page which takes you to EcoHub. The SAP EcoHub is the best place to find details of all SAP partners who have certified solutions. On the page you described many of the partners listed do not exist anymore, or are not supporting a BC-SNC solution anymore. If you visit SAP EcoHub and search for SNC and Kerberos (for example) you will find the partners who are active.