Colors of Noise

agx@sigxcpu.org

Kerberos and SAP on Linux
15th January 2009

The details on howto add GSSAPI/Kerberos to your Linux SAP server are nicely explained here (German). The only annoyance is that one has to hand edit the sources for the SNC adaptor. Therefore I've pushed an already patched tree (as desribed in the above document) here:

git clone http://honk.sigxcpu.org/git/sncadapt.git/

To build the source simply do a:

cd sncadapt 
make

And to "install" the resulting shared object copy to the location you specified for snc/gssapi_lib, e.g.:

cp snckrb5.so /usr/local/lib64/

The document also assumes you're using AD, so creating the principal for the server and extracting it's keytab takes several steps. If you're using e.g. Heimdal you can simply do a:

ktutil -k sapsrv.keytab get SAPService/sapsrv.example.com@EXAMPLE.COM

and copy the resulting file from your KDC to your server.

Tags: single-sign-on.

RSS feed