I am trying to establish if it is possible to do the following (and if so, how):
- SAP ABAP System ECD running on Windows 2008 in domain SAPROOT.LOCAL
- User PCs authenticated in domain ADROOT.COMPANY.COM
- Microsoft Kerberos Security Provider to be used
- Want to do SAPGui SNC SSO Logon using the above security provider
I understand that it is possible to use the Microsoft Kerberos Security provider when the users are in the same Kerberos Realm as the SAP Servers.
However, when they are in different realms, like above, could anyone give me an idea of what are the additional steps required to allow the SAP system in SAPROOT.LOCAL to accept kerberos authentication from users in the ADROOT.COMPANY.COM domain?
Presumably there is some form of trust requiring to be setup - however, I can't join the domains, so wish to know if there is some special kerberos trust mechanism.