SSO-SNC name for application servers in group/server selection

134 Views

Hello,

We want to test SSO in our SAP landscape and we have 2 application servers in our production environment. We will follow the below process

1. Install the kerberos client on the CI and DI (AIX).

2. Add the AIX servers to AD.

3. Create the keytab in AD and copied the keytab to the SAP servers.

The confusion is when we are creating the keytab do we need to use the same SPN for all the application servers (e.g @ XYZ.COM or do we need to have a have seperate SPN (e.g @ XYZ.COM) Also can we use the SPN as

4. Initialized the keytab on the AIX host.

5. Enable SNC parameter in the application servers.

Can the parameter /snc/identity/as be p: @ XYZ.COM?

Any help is really appreciated as I do not seem to find much information on this setup.

Thanks

Dee