I just read every paper I could find about SAP and SSO.
There's a lot about Enterprise Portal and backend (and only backend!) authentication via HTTP with the SSo2KerbMap Module.
It's kinda bit of bending of the meaning of SSO if you just mean you don't have to authenticate after creating a SapLogonTicket anymore but you have to login with username/pw to a SAP System at least once to create one.
What I'm trying to say: if I have to login to Windows (or any other OS) and then again to a SAP system, that's not really SSO. I'm missing a kerberos login module so the SapLogonTicket can be created by using the existing kerberos ticket on the windows client and just load the correct user & group information from the AD (LDAP) server. That would be true SSO.
Are there any OS login modules planned in the near future? Anyone?