SAP SSO: "No Kerberos SSPI credentials available for requested name"
tomglx@googlemail.com
tomglx at googlemail.com
Mon Jun 9 09:40:48 EDT 2008
On 9 Jun., 10:17, Michael Ströder <mich... at stroeder.com> wrote:
> tom... at googlemail.com wrote:
> > SAP Support says, that the guys at MIT have successfully implemented
> > such a scenario
>
> One of my customers also successfully installed that. I wasn't involved
> in that though.
>
> With this particular error message I'd examine two things:
> 1. DNS A and PTR RRs for all involved systems.
> 2. Attribute servicePrincipalName for the server account.
>
> Ciao, Michael.
We have A und PTR for all our systems. But the KDCs are in the DNS
Domain
intra.cvk.de and the SAP Servers are in cvk.de.
The settings dns_lookup_realm = false and dns_lookup_kdc = false
should
suppress at least some of the DNS requests.
What do you mean by Attribute servicePrincipalName? We've already had
to set a
servicePrincipalName per AD SAP ServiceAccount, because we've had to
produce
a keytab with ktpass for each one of them.
Does your customer run his SAP Servers on Linux?
Regards, Thomas
More information about the Kerberos
mailing list