SAP SSO: "No Kerberos SSPI credentials available for requested name"
Michael Ströder
michael at stroeder.com
Mon Jun 9 13:20:47 EDT 2008
tomglx at googlemail.com wrote:
> On 9 Jun., 10:17, Michael Ströder <mich... at stroeder.com> wrote:
>> tom... at googlemail.com wrote:
>>> SAP Support says, that the guys at MIT have successfully implemented
>>> such a scenario
>> One of my customers also successfully installed that. I wasn't involved
>> in that though.
>>
>> With this particular error message I'd examine two things:
>> 1. DNS A and PTR RRs for all involved systems.
>> 2. Attribute servicePrincipalName for the server account.
>
> We have A und PTR for all our systems. But the KDCs are in the DNS
> Domain
> intra.cvk.de and the SAP Servers are in cvk.de.
Check that all RRs are resolvable also from AD.
> What do you mean by Attribute servicePrincipalName? We've already had
> to set a servicePrincipalName per AD SAP ServiceAccount, because
> we've had to produce a keytab with ktpass for each one of them.
I mean exactly this. Double-check that it's really what it should be.
> Does your customer run his SAP Servers on Linux?
Yes, Linux (and AIX).
Ciao, Michael.
More information about the Kerberos
mailing list