Kerberos validation in multi domain landscape

Stefan Molzen SMolzen at sauer-danfoss.com
Mon May 7 06:39:04 EDT 2012


Dear community.

This is my first post on the list.

Thanks to all involved in those threads:
http://www.mail-archive.com/kerberos@mit.edu/msg06889.html
http://www.mail-archive.com/kerberos@mit.edu/msg07267.html
They helped a lot during single sign-on setup using Kerberos and SAP SNC libraries in a heterogeneous system landscape (HPUX and Windows).
In a sandbox landscape (server and client are Windows-only systems existing in one domain) everything works fine.

------------------------------------------------

For production there is "only" one piece missing to get it up and running entirely.
And I hope you can help me out.

Our productive landscape is heterogeneous and uses multiple totally different domains:
- SAP Application server ABAP: running on HPUX with MIT Kerberos in one MS Active Directory domain: erp.customer.de (example)
- SAP Gui clients: running on Windows with SAP SNC libraries in another MS Active Directory domain: network.int (example)

For the SAP system user (usually SIDadm) it is a must that the default_realm in krb5.conf is set to the erp.customer.de AD domain.
But the SSO only works if it is set to the network.int domain.


Is there any way to establish SSO with Kerberos and SAP SNC libraries in such a landscape (maybe a certain krb5.conf setup or so)?
I hope I explained it well enough and would appreciate a hint on how to do it. If not, please tell me.



Thanks a lot
//Stefan

