Scribd
Upload
147 views3 pages

Configuring The Application Server (SAP Library - Network and Transport Layer Security)

The document provides instructions for configuring an application server for network and transport layer security (SNC) as follows: 1. Copy the gssntlm.dll file to a specific directory and set the SNC_LIB environment variable. 2. Set several SNC parameters in the central instance profile including enabling SNC, specifying the SNC library location, and setting the SAP service identity. 3. Additional SNC parameters are included to allow password-based logins when SNC is enabled. 4. Restart the SAP system to activate the SNC profile parameter changes.

Uploaded by

henryderider
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
147 views3 pages

Configuring The Application Server (SAP Library - Network and Transport Layer Security)

The document provides instructions for configuring an application server for network and transport layer security (SNC) as follows: 1. Copy the gssntlm.dll file to a specific directory and set the SNC_LIB environment variable. 2. Set several SNC parameters in the central instance profile including enabling SNC, specifying the SNC library location, and setting the SAP service identity. 3. Additional SNC parameters are included to allow password-based logins when SNC is enabled. 4. Restart the SAP system to activate the SNC profile parameter changes.

Uploaded by

henryderider
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Configuring the Application Server (SAP

Library - Network and Transport Layer


Security)

...

1. Copy the gssntlm.dll file to the following directory on your central instance:

<DRIVE>:\USR\SAP\<SID>\SYS\EXE\RUN

For more information on how to get the gssntlm.dll file see SAP Note 352295.

2. Set the environment variable SNC_LIB to the location of the library.

3. In the central instance profile, set the following SNC parameters:

• snc/data_protection/max = 1
• snc/data_protection/min = 1
• snc/data_protection/use = 1
• snc/enable = 1
• snc/gssapi_lib = (<DRIVE>:\USR\SAP\<SID>\SYS\EXE\RUN\<gssntlm.dll>)
• snc/identity/as = p:<DOMAIN_NAME>\SAPService<SID>

where SAPService<SID> is the user who runs the SAP system.

and < DOMAIN_NAME> is the Windows NT domain of this user.

Although you can


freely choose
the Windows NT
account under which
the SAP system

Generated by Jive SBS on 2010-09-25+02:00


1
Configuring the Application Server (SAP Library - Network and Transport Layer Security)

runs, it is normally
SAPService<SID>.

If you use a
local account for
SAPService<SID>,
most operations
are successful.
However, any
operations or
communications
where the SAP
system initiates
SNC-protected
communication to
a remote machine
do not work with a
local account for
SAPService<SID>.
Therefore, use a
domain account.

Additional SNC Parameters

The following profile parameters let you continue with password-based access to the SAP
system when SNC has been enabled. To log on to the SAP system as an administrator to
maintain the mapping of Windows user accounts to SAP system user IDs (user and client),
you have to use these additional parameters at least once after enabling SNC. Once the
mapping (at least for the administrator) has been entered, you can disable further password-
based logons by removing the respective profile parameters.

• snc/accept_insecure_cpic = 1
• snc/accept_insecure_gui = 1
• snc/accept_insecure_rfc = 1
• snc/permit_insecure_start = 1
• snc/permit_insecure_comm = 1

4. Stop and restart the SAP system to activate the profile parameters. Changes to
SNC profile parameters always require an application server restart to take effect.

Generated by Jive SBS on 2010-09-25+02:00


2
Configuring the Application Server (SAP Library - Network and Transport Layer Security)

Generated by Jive SBS on 2010-09-25+02:00


3

You might also like