BC-SNC, MIT Kerberos V, SSO, GSS-API v2

Norbert Klasen norbert+lists.mit-kerberos at burgundy.dyndns.org
Mon Sep 6 16:34:57 EDT 2004 


--On Freitag, 13. August 2004 11:37 +0200 "Barbat, Calin" 
<c.barbat at osram.de> wrote:

> Hello everybody,
>
> I need help with Single Sign-On for SAPguis running on Windows clients to
> an SAP Application Server 4.6C running on a Linux SLES server with
> authentification against an Active Directory provided by a Windows 2000
> Server.
>
> In the following I'll describe how far I got, so the specialists can help
> with the remaining things to do.
>
> I'm trying now to get the actual Kerberos implementation (release 1.3.1)
> from MIT to work with our SAP Application Server 4.6C.  Could it be that
> I need an older release? If so, which one and where can I get it?
>
> As I understand, the libgssapi_krb5.so library has to be tested for
> interoperability with a tool named gsstest, which is provided for free by
> SAP.
>
> I compiled, installed and configured Kerberos on the Linux AS and got a
> logon ticket from the Win2k KDC by logging in on the Linux prompt using:
>
>   kinit C.Barbat
>
> This ticket is shown by:
>
>   klist
>
> Then I issued:
>
>   gsstest-1.27/gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p
> kerberos_test.log
>
> This should test the library libgssapi_krb5.so with the most verbose
> output to kerberos_test.log.
>
> This file reads as follows:
>
> Now I need your help. What could I do next, in order to understand what
> went wrong and how to correct it?
>
> Any help or hint is greatly appreciated.
>
> C. Barbat

Hello Calin,
a colleague of mine has worked with BC-SNC (with X.509 certificates 
though). Here's what he said.

Norbert



Hello Calin,

I had also to prepare the certification process for the GSS-API by SAP. So 
I can imagine what kind of problems you have to deal with. Nevertheless the 
gsstest programm still has its bugs...

Since I didn't implement the GSS-API with kerberos, I can't help you on 
this  specific matter.
But the following output of the gsstest program:

>
>
>Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...
>
>  Resolving SAP SNC-Adapter functions ...
>    GSS-API v2  "sapsnc_init_adapter"                  (  opt.   ) 
(missing)
>    GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   ) 
(missing)
>    GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   ) 
(missing)
>  Resolving Misc Support functions ...

points to some files offered by SAP. Try to add the sncadapt-Files to your 
project, compile them and add the header-files also. You can find the 
required files at the following address:

http://www.sap.com/partners/icc/scenarios/technology/bc-snc.aspx  (SNC 
Adapter 1.1)

This should solve the problem.

Mit freundlichen Gruessen / Best regards

Cevat Gürsoy
Senior Consultant
Avinci - The Know-How Company

More information about the Kerberos mailing list