SAPGUI SSO for HP-UX 11.23
DM
SAP has some great documentation on how to get SAPGUI to do SSO via
Kerberos. However, this documentation all deals with windows
application servers. Without purchasing a package, can I get this to
work with HP-UX 11.23?
Here is an example of the SAP windows centric documentation:
http://help.sap.com/saphelp_nw2004s/helpdata/en/44/0efeafb9920d1be10000000a114a6b/frameset.htm
Cheers,
DM
Markus Döhr
What are you trying to achieve? Authenticate you users against NIS or
against your local users on the HP-UX box?
That solution is Windows centric, it uses a proprietary library built by
SAP only for Windows
<quote>
Kerberos Single Sign-On (SSO) is a secure method of logging on to the
SAP system that simplifies the logon procedure without reducing
security. It is suitable if you only use Windows >= 2000 in your system
landscape.
</quote>
The application server will communicate with the ADS in order to find
out, if the user has an ADS ticket on his client machine.
I'm not aware of any product for HP-UX (or any other *nix) that is able
to do that.
--
Markus
DM
Thanks for the reply. We have full SSO with Windows 2003 Kerberos on
our UNIX machines using Putty and Kerberos. Works great. HP-UX
supports full GSSAPI and Kerberos.
I am trying to let SAPGUI leverage this and avoid passwords. SAP says
it "should" work on HP-UX, Linux, Solaris, etc. However, I am looking
for someone that has done this.
For example OSS Note: 352295 discusses the following:
The SAP test tool "GSSTEST" is used to test interoperability and
functions of a third party gss-api library, and it is freely available
for download from our Web-Server (as source code), follow the first link
about BC-SNC certification above. This tool can be used to check
interoperability between SAP-SNC and a third-party library on any
particular platform.
In a note to OSS I sent SAP Said:
SAP does not generally support the use of Kerberos for SNC.
HP's implementation of Kerberos might work for SNC (as far as I know
there are customers who implemented such a solution), but SAP is
not able to help with that.
Cheers,
DM
Tim
You should be aware that SAP have a certification program for software
vendors who have products that use the SNC interface. As far as I know
there is one such vendor who has a product, which uses the Kerberos
protocol and is SAP SNC certified. This companies SAP SNC products are
described at www.cybersafe.com/links/snc.htm
In summary - SAP do not support Kerberos on UNIX, but other vendors do.
I suggest you take a look.
Thanks,
Tim
Kevin Collins
Since you did not post ANY relevant text from the original message, I'm not
100% what you are responding to, but Quest Software's "Vintela Authentication
Services" (VAS) works with SAP's SNC. Don't know if it is SAP certified or
not... We are currently evaluating it for Unix and Linux authentication via ADS
and will more than likely use it for SAPGUI SSO once VAS is fully implemented
for authentication.
Kevin
--
Unix Guy Consulting, LLC
Unix and Linux Automation, Shell, Perl and CGI scripting
http://www.unix-guy.com
Tim
> Since you did not post ANY relevant text from the original message, I'm not
> 100% what you are responding to, but Quest Software's "Vintela Authentication
> Services" (VAS) works with SAP's SNC. Don't know if it is SAP certified or
> not... We are currently evaluating it for Unix and Linux authentication via ADS
> and will more than likely use it for SAPGUI SSO once VAS is fully implemented
> for authentication.
>
> Kevin
>
> --
> Unix Guy Consulting, LLC
> Unix and Linux Automation, Shell, Perl and CGI scripting
> http://www.unix-guy.com
In response to above, the VAS product is not SAP certified. I
understand that Quest have tried to certify this product a few times
and it has been rejected by SAP for various reasons. My post made
earlier was related to the CyberSafe products only. The reason is that
CyberSafe are totally focused on SAP security solutions, and all of
their application security solutions are SAP certified.