Dear Manuel,

in order to use Kerberos based SSO for SAP GUI for Java e.g. on Mac, there is no difference when it comes to the server side configuration. Just normal SNC setup using X.509 and/or Kerberos PSEs on the backend is sufficient and will do it. User with SNC name assigned in SU01 and that's it. As you are already using SAP GUI SSO you are good to go.

I must confess, it is a while, since I domain-joined my Mac OS client, but it seemed to work pretty well using the Secure Login Client and either X.509 certificates or Kerberos Tickets. For the Java SAP GUI i used a connection string similar to: conn=/H/<FQHN>/S/32nn&sncon=true&sncqop=3&clnt=<xx>

And to make things very clear, I am still talking about using the product SAP Single Sign-On 3.0 from SAP according to this Community space.

Core question is, is there a Secure Login Client 3.0 available for Linux? Not really... or? In order to use SNC you need to have a SNC library on the client and the required environment variables such as SNC_LIB set. So you may be able to find a kind of SNC library for Linux working with Kerberos or "maybe" use the CommonCryptoLib in a way like you would use it on a server. Create a PSE containing a certificate and credentials for the OS user (cred_v2). I am sure this would work when you use a static X.509 certificate within the PSE, but not with kerberos.

My assumption, it won't work at all with Linux and Kerberos, as you would need to have a proper SNC client which is able to dig into the kerberos service ticket cache on the OS level and provides those kerberos tickets as a logon credential to the SNC library.

Hope that helps a bit, unfortunately currently I don't have time to check this out within a PoC.

Cheers, Carsten