Sncuserguide Ru PRUSOV

SNC
, mprusov@yandex.ru
11 2004 .

SNC
SAP- SAP AG. SNC Users
Guide 1.2 SAP AG,
, .
SAP AG.
SNC-, (MSNC-). ,
, http://mprusov.narod.ru/
sap/snc/index.html.
mailto:
mprusov@yandex.ru.
1.1 SNC? . . . . . . . . . . . . . .
1.2 SNC? . . . . . . . . . . . .
1.2.1 . . . . .
1.2.2 . . . . .
1.2.3
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
9
9
10
10
10
10
2 SNC SAP
2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2 SNC SAP . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1 , SNC . . . . .
2.2.2 SNC
SAP- . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3 . . . . . . . . . .
2.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.2 . . . . . . . . . . . . . . . . . . . . . . . . . .
2.4 SAP- . . . . . . . . . . . . .
2.5 SNC . . . . .
2.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16
17
17
18
19
19
22
3 SNC SAP
3.1 . . . . . . . . . . . . . . . . . . . . . . .
3.2
3.2.1 snc/enable . . . . . . . . . . . . . . . . . . . . .
3.2.2 snc/user_maint . . . . . . . . . . . . . . . . . .
3.2.3 snc/gssapi_lib . . . . . . . . . . . . . . . . . . .
3.2.4 snc/identity/as . . . . . . . . . . . . . . . . . .
3.2.5 snc/data_protection/max . . . . . . . . . . . . .
3.2.6 snc/data_protection/min . . . . . . . . . . . . .
3.2.7 snc/data_protection/use . . . . . . . . . . . . .
25
25
26
26
28
28
29
29
30
31
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
13
13
15
15
3.3
3.4
3.5
3.6
3.7
3.2.8 snc/r3int_rfc_secure . . . . . . . . . . . . . . . . . . .
3.2.9 snc/r3int_rfc_qop . . . . . . . . . . . . . . . . . . . . .
3.2.10 snc/permit_insecure_comm . . . . . . . . . . . . . . .
3.2.11 snc/accept_insecure_cpic . . . . . . . . . . . . . . . . .
3.2.12 snc/permit_insecure_gui . . . . . . . . . . . . . . . . .
3.2.13 snc/accept_insecure_gui . . . . . . . . . . . . . . . . .
3.2.14 snc/accept_insecure_r3int_rfc . . . . . . . . . . . . . .
3.2.15 snc/accept_insecure_rfc . . . . . . . . . . . . . . . . .
3.2.16 snc/permit_insecure_start . . . . . . . . . . . . . . . .
3.2.17 snc/force_login_screen . . . . . . . . . . . . . . . . . .
3.2.18 rdisp/maximum_snc_hold_time . . . . . . . . . . . . .
3.2.19 login/disable_password_logon . . . . . . . . . . . . . .
3.2.20 login/password_logon_usergroup . . . . . . . . . . . .
. . . . . . . . . . . .
3.3.1 snc/enable . . . . . . . . . . . . . . . . . . . . . . . . .
3.3.2 snc/gssapi_lib . . . . . . . . . . . . . . . . . . . . . . .
3.3.3 snc/permit_insecure_start . . . . . . . . . . . . . . . .
3.3.4 gw/rem_start . . . . . . . . . . . . . . . . . . . . . . .
SAP- . . . . . . . . . . . . . . . . . . . .
3.4.1 (ACL) . . . . . . . . . . . .
3.4.1.1
3.4.1.2 . . . .
3.4.2 . . . . . . . . . . . . . . . . . . . . .
3.4.2.1 SAPlpd . . . . . . . . . .
3.4.2.2 RFC . . . . . . . . . . . . . . . . . . . . . . .
3.4.2.3 CPIC . . . . . . . . . . . . . . . . . . . . . .
3.4.2.4
. . . . . . . . . . . . . . . . . . . . . . . .
3.5.1 . . . . . . . . . . . . . . . .
3.5.1.1
3.5.1.2 . . . .
3.5.2 . . . . . . . . . . . . . . . . . . . . .
3.5.2.1 SAPlpd . . . . . . . . . .
3.5.2.2 RFC . . . . . . . . . . . . . . . . . . . . . . .
3.5.2.3 CPIC . . . . . . . . . . . . . . . . . . . . . .
SAP- . . . . . . . . . . . .
3.6.1 SNC- . . . . .
3.6.2 SNC- . . . .
SAP- . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
31
32
32
33
34
34
35
35
36
36
37
37
38
38
39
39
40
40
40
41
41
42
42
42
42
43
43
43
44
44
44
45
45
45
45
45
45
48
49

4 SNC
4.1 SNC: SAPgui SAP- . . . . . . . . . . . . .
4.1.1 SAPgui (sapgui.exe) . . . . . . . . . . . . . .
4.1.1.1 SNC_PARTNERNAME . . . . . . . . . . . . . .
4.1.1.2 SNC_LIB . . . . . . . . . . . . . . . . . . . . . .
4.1.1.3 SNC_MODE . . . . . . . . . . . . . . . . . . . .
4.1.1.4 SNC_QOP . . . . . . . . . . . . . . . . . . . . .
4.1.2 SAPgui (SAP Logon) . . . . . . . . . . . . . .
4.1.2.1 . . . . . . . . . . . . .
4.1.2.2 . . . . . . . . . . .
4.1.2.3 . . . . . . . . . . . . . . .
4.1.3 SAPgui (SAP Shortcuts) . . . . . . . . . . . .
4.1.3.1 SNC_NAME . . . . . . . . . . . . . . . . . . . .
4.1.4 (SAP-) . . . . . . . . . . . . . . . . . .
4.2 SNC: RFC- SAP- . . .
4.2.1 ( ) . . . . . . . . . . . . .
4.2.1.1 SNC_PARTNERNAME . . . . . . . . . . . . . .
4.2.1.2 SNC_LIB . . . . . . . . . . . . . . . . . . . . . .
4.2.1.3 SNC_MODE . . . . . . . . . . . . . . . . . . . .
4.2.1.4 SNC_QOP . . . . . . . . . . . . . . . . . . . . .
4.2.1.5 SNC_MYNAME . . . . . . . . . . . . . . . . . .
4.2.2 (SAP-) . . . . . . . . . . . . . . . . . .
4.2.3 . . . . . . . . . . . . . . .
4.3 SNC: CPIC- SAP- . .
4.3.1 ( ) . . . . . . . . . . . . .
4.3.1.1 SNC_PARTNERNAME . . . . . . . . . . . . . .
4.3.1.2 SNC_LIB . . . . . . . . . . . . . . . . . . . . . .
4.3.1.3 SNC_MODE . . . . . . . . . . . . . . . . . . . .
4.3.1.4 SNC_QOP . . . . . . . . . . . . . . . . . . . . .
4.3.1.5 SNC_MYNAME . . . . . . . . . . . . . . . . . .
4.3.1.6 GWSERV . . . . . . . . . . . . . . . . . . . . . .
4.3.2 (SAP-) . . . . . . . . . . . . . . . . . .
4.3.3 . . . . . . . . . . . . . . .
4.4 SNC: RFC- SAP- . . .
4.4.1 RFC- SNC- SM59
4.4.2 SAP- R/2 . . . . . . . . . . . . . . . . . . . . .
4.4.3 SAP- SAP- . . . . . . . . . . . . . . . .
4.4.3.1 (SAP-) . . . . . . . . . . . .
4.4.3.2 (SAP-) . . . . . . . . . . . . .
4.4.3.3 . . .
5
51
51
52
52
52
53
53
53
54
55
55
55
56
56
56
57
57
58
58
58
59
59
59
60
60
61
61
61
62
62
62
63
63
64
64
67
67
68
68
69
4.4.4
4.4.5
4.4.6
. . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .
TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.4.6.1 (SAP-) . . . . . . . . . . . .
4.4.6.2 ( ) . . . . . . . . .
4.4.7 TCP/IP
4.4.7.1 (SAP-) . . . . . . . . . . . .
4.4.7.2 ( ) . . . . . . . . .
4.4.7.3 . . . . . . . . . . . . . . . . . .
4.4.8 TCP/IP SAPgui
4.4.8.1 (SAP-) . . . . . . . . . . . .
4.4.8.2 ( ) . . . . . . . . .
4.4.9 TCP/IP . . . . . . . .
4.4.9.1 (SAP-) . . . . . . . . . . . .
4.4.9.2 ( ) . . .
4.4.9.3 SNC . . .
4.4.9.4 . . . . . . . . . . . . . . . . . .
4.4.10 SM51 . . . . . . . . .
4.4.11 SM59 . . . . . . . .
4.4.12 . . . . . . . . . . . . . . . . . . .
4.4.12.1 BACK . . . . . . . . . . . . . . . . . . .
4.4.12.2 NONE . . . . . . . . . . . . . . . . . .
4.4.13 RFCDES- . . . . . . . . . . . . . . .
4.4.14 RFC- . . . . . . . . . . . . . . . . . . . . . . . . .
4.5 SNC: CPIC- SAP- . .
4.6 SNC: . . . . . . . . . . . . . . . . . . . . . . .
4.6.1 (SAP-) . . . . . . . . . . . . . . . . .
4.6.2 ( SAPlpd) . . . . . . . . . . . . . . .
4.6.2.1 gssapi_lib . . . . . . . . . . . . . . . . . . . . . .
4.6.2.2 enable . . . . . . . . . . . . . . . . . . . . . . . .
4.6.2.3 identity/lpd . . . . . . . . . . . . . . . . . . . . .
4.6.3 SNC- SAPlpd . . . . . . . . . . .
4.7 SNC: SAProuter SAProuter . . . . . . . . . . . . .
4.7.1 SNC- . . . . . . . . . . . . . . . . .
4.7.2 . . . . . . .
4.7.2.1 KT- . . . . . . . . . . . . . . . . . . . . .
4.7.2.2 KP-, KD- KS- . . . . . . . . . . . . . .
4.7.3 . . . . . . . . . . . . . . . . . . . . . . .
4.7.4 SNC . . . . . . . . . . . . . . .
70
71
71
71
71
72
72
72
73
74
74
74
75
75
75
75
75
75
75
75
75
76
76
76
77
78
78
78
78
80
81
81
84
85
85
85
86
86
86

4.8 SNC: ITS SAP- . . . . . . . .
4.8.1 (ITS WGate) . . . . . . . . . . .
4.8.1.1 SNC_LIB . . . . . . . . . . . . . . .
4.8.1.2 Type . . . . . . . . . . . . . . . . . .
4.8.1.3 SncNameAGate . . . . . . . . . . .
4.8.1.4 SncNameWGate . . . . . . . . . . .
4.8.2 (ITS AGate) . . . . . . . . . . . . .
4.8.2.1 SNC_LIB . . . . . . . . . . . . . . .
4.8.2.2 Type . . . . . . . . . . . . . . . . . .
4.8.2.3 SncNameAGate . . . . . . . . . . .
4.8.2.4 SncNameWGate . . . . . . . . . . .
4.8.3 (ITS AGate) . . . . . . . . . . . .
4.8.3.1 sncNameAGate . . . . . . . . . . .
4.8.3.2 sncNameR3 . . . . . . . . . . . . .
4.8.3.3 sncQoPR3 . . . . . . . . . . . . . .
4.8.4 (SAP-) . . . . . . . . . . .
4.9 C .
4.9.1 CPIC .
4.9.2 RFC .
7
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
88
88
89
89
89
90
90
90
91
91
91
91
92
92
92
93
94
94
94
A SNC-
95
B SNC-
97
C 3.1G/H 4.0A
C.1 snc/data_protection/max . . . . . . . . . . .
C.2 . . . . . . . . . . . . . . . . . . . . . . . .
99
99
99
SNC (Secure Network Communications ), ,

, .
1.1
SNC?
SNC SAP-, .
SAP- , SAP
. SNC ,
. , SNC:
SNC . SNC
, SNC (,
SAPgui SAP).
, SAP- (, -
).
10
1.
. , .

- SAP-.
1.2
SNC?
SNC SAP-. SAP-

, . SNC
SAP-.
:

1.2.1
,
.
. , SNC.
1.2.2
, .
.
1.2.3

, .
1.2. SNC?
11
.
, SNC.
12
1.
2
SNC SAP
SNC SAP-.
2.1
SNC .
.
GSS-API V2 , IETF
(Internet Engineering Task Force). SNC GSS-API V2
.
, , gssapi, SNC_LIB , , . , (
, ).
(credentails) ,
. , , .
, . ,
14
2. SNC SAP

.
, (, SAP-)
. . 2.3.2: .
SNC- SAP-. SNC- , . 3.1I
4.0A . SNC-
:
< >:< >
< >/<>:< >
:
< > , :
p , ;
s /;
u .
<> .
< >
, (.
).
SNC-
.
SNC-:
p:C=RU, O=Mecomp, OU=IT, CN=mprusov
s:sap03@h502
2.2. SNC SAP
15
p/cpro:C=RU, O=Mecomp, OU=IT, CN=mprusov

s/cpro:sap03@h502
, , SAP-
, . GSS-API V21 .
, , QoP ,
, (
, , ).
SNC- SAP- , SNC.
2.2
SNC SAP
,
SNC , SNC
SAP-.
2.2.1
, SNC
SNC SAP-:

/ , .
.
( ).
1
gss_canonicalize_name.
16
2. SNC SAP

. :

SAP-, .
- .
(Single SignOn).
SNC ,
,
, .
,
SAP- GSSAPI V2 IETF.
2.2.2
SNC
SAP-
SNC ( , SAPgui, RFC- .) SAP- c ,

( 2.1).
SNC,
. SNC, SNC
SAP-NI.
(, ).
SNC GSS-API V2.
SAP-
, .
2.3.
17
. 2.1. SNC SAP-.
2.3
, .
2.3.1
, SAP-,
:
, GSS-API V2.
18
2. SNC SAP
.
,
SAP-.
(ICC) SAP AG.
SAP-. SAP AG,
ICC[1] 66687[6].
2.3.2
.
SAP-.
, SNC-, SAP
SAP- .
SAP-
.
, , X.500.
SAP-, ,
,
SAP- , . , X.500,
SAP- CN, (OU, O, C) .
, solarmic SAP-
:
C=RU, O=HOME, OU=IT, CN=solarmic
SAP-,
SAP-. ,
, . :
sap< >.< >
2.4. SAP-
19
, 01,
mysapcom, :
C=RU, O=HOME, OU=IT, CN=sap01.mysapcom
, ,
RSUSR300 SNC-
SAP-.
2.4
SAP-
SAP- :
SAP (SAP WAS)
SAPgui
SAPlpd
RFC-
CPIC-
SAProuter
SAP ITS
SNC-
2.1.
, ,
SNC, , 4:
SNC.
2.5
SNC
SNC .
,
, . , SAPgui
20
2. SNC SAP
SNC
3.1G
4.1
SAPgui
SAP WAS
..
SAP WAS
RFC
4.0A
4.2
..
SAP WAS
CPIC
4.0A
4.3
SAP WAS
SAP WAS
RFC
4.0A
4.4.3
SAP WAS
SAP WAS
CPIC
4.0A
4.5
SAP WAS
..
RFC
4.0A
4.4.64.4.8
SAP WAS
..
CPIC
4.0A
4.5
SAP WAS
SAPlpd
3.1G
4.6
SAProuter
SAProuter
4.0A
4.7
SAP ITS
SAP WAS
4.5A
4.8
2.1. SNC- SAP-.

SAP-, SAPgui
, .
SNC- .
:
SNC
SNC- ( )

:
SNC
SNC-

, ,
SNC-:
2.5. SNC
21
SNC_MODE
SNC. 0: SNC
; 1: SNC .
SNC_MYNAME
SNC- . . 255 2 .
SNC_PARTNERNAME
SNC- . . 255 .
SNC_QOP
( ). 1: ; 2: ; 3:
; 8: -; 9:
.

. ,
.
SNC_LIB
, .
. 255 .
, , SAP-.
/ , ,
.
, SNC .
2
255 . SNC- , SAP-

. 184277[8].
22
2. SNC SAP
2.6
SNC:
SNC SAP-.
,

SAP. SNC
. SAP ( 2.2).
,
RFC- .
SAP-
, , (, RFC). ( SNC ), SAP- .
SNC- ( 2.2).
snc/r3int_rfc_secure.
SAP-.

. (sapdp<nn>)
, SAProuter. SAProuter 3299.
SAP- ,
, SNC, . , , .
snc/accept_insecure_gui.
2.6.
23
. 2.2. , SNC.
(sapgw<nn>s)
, SNC, SAP-
RFC-.
SAP- RFC-. SNC
, SNC, RFC-.
,
. sapgw<nn>s
sapgw<nn> SAP-.
48004899.
, SAProuter.
, ,
SAProuter
SAProuter.
24
2. SNC SAP
3
SNC
SAP
SNC
SAP-.
3.1
SAP-. , SAP, .
, .
, , .
SNC- , SNC-
SAP-.
,
SNC SNC. , .
SNC- SAP- RSSNCSRV.
SNC SAP- ,
, SNC . -
26
3. SNC SAP
. ,
, SNC, , .
3.2
SAP- RZ1012 .
( ).
, snc/identity/as , snc/gssapi_lib .
SNC- SAP-.
3.2.1
snc/enable
SNC .
.
SNC . SNC 1.
, SNC, , SNC, . , ,
, (snc/
accept_insecure_gui, snc/accept_insecure_rfc , snc/accept_insecure_cpic).
snc/gssapi_lib. SNC
,
1
, RZ10
. 396983[10].
2
4.0B 4.5B, , RZ10
, SNC- .
149646[7].
3.2.
snc/enable
snc/user_maint
snc/gssapi_lib
snc/identity/as
snc/data_protection/max
snc/data_protection/min
snc/data_protection/use
3.1
4.0
4.5
4.6
6.1
6.2
snc/r3int_rfc_secure
snc/r3int_rfc_qop
snc/permit_insecure_comm
snc/accept_insecure_cpic
snc/permit_insecure_gui
snc/accept_insecure_gui
snc/accept_insecure_r3int_rfc
snc/accept_insecure_rfc
snc/permit_insecure_start
snc/force_login_screen
rdisp/maximum_snc_hold_time
login/disable_password_logon
login/password_logon_usergroup
27
3.1. SNC- SAP-.
28
3. SNC SAP
. , , ( , , SncInit, SNCERR_INIT).
- 0 (SNC ).
snc/gssapi_lib, snc/identity/as.
0: SNC ; 1: SNC .
3.2.2
snc/user_maint
SNC SU01.
3.1.
, SAP SNC- ,
1.
- 0 ( SNC-).
.
0: SNC-; 1:
SNC-.
3.2.3
snc/gssapi_lib
.
.
GSS-API V2 .
SNC , . ,
SAP- ,
3.2.
29
, ,
.
-
.
.
255 .
.
3.2.4
snc/identity/as
SNC- .
.
SNC-
SAP-. .
(message server) SNC- SAP
Logon RFC- .
- .
.
. 2.3.2: .
3.2.5
SNC-, SAP-.
.
.
3.1G/H: , , .
, .
30
3. SNC SAP
3.1I: .
4.0A: . .
, RFC- , .
4.0B: ,

(9). .
3.1 4.0A
.

C: 3.1G/H 4.0A.
- 3 ( ).
snc/data_protection/min, snc/data_protection/
use.

snc/data_protection/use.
: 1: ; 2: ;
3: .
3.2.6
snc/data_protection/min
, SNC-.
.

, .
SNC , . ,
.
- 2 ( ).
3.2.
31
snc/data_protection/max, snc/data_protection/
use.
: 1: ; 2: ; 3:
.
3.2.7
snc/data_protection/use
,
SAP .
.
RFC- CPIC-.
RFC- CPIC-, - (8).
- 3 ( ).
snc/data_protection/min, snc/data_protection/
max.

snc/data_protection/min snc/data_protection/max. : 1:
; 2: ; 3: ; 9: ,
snc/data_protection/max.
3.2.8
snc/r3int_rfc_secure
SNC RFC-.
4.0A.
, , SNC,
RFC- .
,
RFC-
32
3. SNC SAP
SNC.
.
2.6: .
- 0 ( SNC
RFC-).
snc/accept_insecure_rfc,
snc/accept_insecure_r3int_rfc.
0: SNC RFC-; 1: SNC
RFC-.
3.2.9
snc/r3int_rfc_qop
SNC- RFC-.
4.0A.
,
RFC- , SNC
RFC- .
- 8 ( ,
snc/data_protection/use).
snc/r3int_rfc_secure.
,
snc/data_protection/min. : 1: ; 2: ; 3: ; 8: ,
snc/data_protection/use; 9:
, snc/data_protection/max.
3.2.10
snc/permit_insecure_comm
CPIC-
SNC.
3.2.
33
3.1.
-, SNC,
, SNC, CPIC-.
3.1 CPIC- SNC
, 1
, CPIC .
- 0 ( CPIC-).
.
0: CPIC-; 1: CPIC-.
3.2.11 snc/accept_insecure_cpic
CPIC- SNC.
4.0.
-, SNC,
, SNC, CPIC-. .
- 0 ( CPIC-).
.
0: CPIC-; 1: CPIC-; U:
CPIC- ,
.
3.6: SAP-.
34
3. SNC SAP
3.2.12
snc/permit_insecure_gui
, SNC, SAPgui SNC.

3.1.
-, SNC,
SAP- SAPgui,
SNC.
.
, SAPgui ,
.
- 0 ( ).
.
0: ; 1: ,
3.2.13
snc/accept_insecure_gui
, SNC, SAPgui SNC.

4.0.
snc/permit_insecure_gui.
- 0 ( ).
.
0: ; 1: ; U: , .
3.6: SAP-.
3.2.
3.2.14
35
snc/accept_insecure_r3int_rfc
, SNC, RFC-
SNC.
4.0.

RFC-. RFC-,
snc/accept_insecure_rfc.

snc/accept_insecure_rfc 0. ,
RFC-
.
- 1 (
RFC-).
snc/accept_insecure_rfc, snc/r3int_rfc_secure.
0: RFC; 1: RFC-.
3.2.15
snc/accept_insecure_rfc
, SNC, RFC-
SNC.
4.0.
-, SNC,
SAP- RFC-. ,
RFC-,
- 0 (
RFC-).
36
3. SNC SAP
0: RFC; 1: RFC-;
U: RFC-
,
. 3.6: SAP-.
3.2.16
,
SNC, .
4.0.
-, SNC ,
, SNC, .
- 0 ( SNC).
.
0: SNC-; 1: SNC-.
3.2.17
snc/force_login_screen
SNC-.
4.5.
-, SNC , SNC-
, .
- 0 (
).
.
3.2.
37
0:
; 1 X3 : .
3.2.18
rdisp/maximum_snc_hold_time
SNC-4 .
4.6C.
, SNC, SAP-
Hold .

. SNC-.
- 0 ( ).
.
0: ; >0: , .
3.2.19
login/disable_password_logon
,
5 .
4.6.
, .
snc/accept_insecure_gui , , SNC,
.
3
1, 4.6, 6.10, 6.20

, - X.
667470[12].
4
625823[11].
5
379081[9].
38
3. SNC SAP
- 0 ( ).
login/password_logon_usergroup.
0: ;
1:
, login/password_logon_usergroup.
3.2.20
login/password_logon_usergroup
, , 6 .
4.6.
, , , , login/
disable_password_logon 1.
- .
login/disable_password_logon.
SU01 ( Logon data, User group for authorization
check).
3.3
, SNC, SAP-
. SNC , .
,
. , .
6
379081[9].
3.3.
39
3.1I SNC RFC- CPIC-, snc/permit_insecure_comm 1.

, 4.0.
,
SNC.
3.3.1
snc/enable
SNC .
.
, , SNC, 1.
SNC :
(sapgw<nn>) (sapgw<nn>s),
.
, SNC
. , SNC-, snc/permit_insecure_start .
- 0 (SNC ).
snc/gssapi_lib, snc/permit_insecure_start.
0: SNC ; 1: SNC .
3.3.2
snc/gssapi_lib
. snc/gssapi_lib SAP-.
.
40
3. SNC SAP
3.3.3
,
SNC, .
SAP-.
3.3.4
gw/rem_start
CPIC-.
4.0.
SNC,
RFC- CPIC- SNC-. , ,
. ,
SNC.
4.0A 4.0B: REMOTE_SHELL
, gw/remsh , ..
4.5A: DISABLED .
- REMOTE_SHELL (
rsh remsh).
SNC.
REMOTE_SHELL: rsh
remsh; REXEC: rexec; DISABLED:
.
3.4
SAP-
4.0 SNC SAP- ( SPRO).
3.4. SAP-
41
SNC : Basis Components System Administration Management of External Security Systems Secure Network Communication. SO70
SIMG_BCSNC.
SNC- SNC-, SNC
SNC- . , ,
, SNC-
, .
3.4.1
(ACL)
, . ACL ACL.
3.4.1.1
ACL:
SNC SAP-.
SU01. 3.6: SAP-.
ACL SNC- ,
, SAP-
, . 2.3.2: .
ACL SU01, SM30 USRACL SNC .
3.6: SAP-.
ACL SNC RFC- CPIC- SM30
USRACLEXT.
3.6.2: SNC- .
42
3. SNC SAP
RFC- , SAP- RFC-:
S_RFC RFC-.
S_RFCACL RFC-.
(Authorization Info
System) SUIM, , .
- (Cross-application Authority Objects).
3.4.1.2
, SNC-, . ACL SNC0 SM30 VSNCSYSACL.

4.4.3: SAP- SAP.
3.4.2
, SNC, SAP-,
RFC- CPIC-.
3.4.2.1
SAPlpd
, SNC- , SPAD. 4.6: SNC: .

3.4.2.2
RFC
RFC
SNC:
RFC- SM59 RFC-. 4.4: SNC: RFC- SAP-.
3.5.
43
SNC- RFC-
SM30 RFCDESSECU SNC-. 4.4: SNC: RFC- SAP-.
3.4.2.3
CPIC
CPIC SNC:
CPIC- SM54 CPIC-. 4.5: SNC: CPIC- SAP-.
SNC- CPIC- SM30 TXCOMSECU SNC-.
4.5: SNC:
CPIC- SAP-.
3.4.2.4
, , :
SNC- SNC- SAP- ,
, RSUSR402.
, RSSNCCHK, SNC-
SAP-, SNC.
SNC- ,
SNC- . , , , SNC- ,
, .
3.5
, SAP, :
44
3. SNC SAP

(, ALE)

, SNC-. - . -
.
3.5.1
3.5.1.1

.
USRACL ( SNC- ) SM30.

USRACLEXT ( SNC- SNC-
RFC- CPIC-) SM30.
3.5.1.2
( SNC-
), SNC0 SM30 VSNCSYSACL E.
( I).

VSNCSYSACL. SM30
VSNCSYSACL.
3.6. SAP-
3.5.2
45

, SNC.
3.5.2.1
SAPlpd
SAP: BC Printing Guide Transporting Printers (Device Definitions)

Transporting a Device Type [2].
3.5.2.2
RFC
RFC- .
3.5.2.3
CPIC
CPIC- .
3.6
SAP-
SNC, , ,
, SNC- SAP-. , SAP- SAPgui
SNC, SNC- SAPgui SNC SAP-. , SAP- SNC-,
, ( ) . , SAP-,
, , .

SAP-.
3.6.1
SNC-
SAP-, SNC,
46
3. SNC SAP
SAP- SNC- .
/ :
SNC- SAP-. ,
SNC- .
, 4.5,
SNC- . , SNC- SAP.
4.5 (
snc/force_login_screen, 0) , SNC- SAP. SNC- ,
,
. 3.7: SAP-.

SNC, U snc/accept_insecure_gui.
SNC- :
1. SU01, .
2. SNC- SNC.
3.1.
3. SNC name SNC- .
4. Unsecure communication permitted SNC. ,
snc/accept_insecure_gui U.
3.6. SAP-
47
. 3.1. SNC- SAP-.
SAP- ACL ( USRACL) SNC- .

, Canonical
name determined.
USRACL SM30 , SNC-.
48
3. SNC SAP
3.6.2
SNC-
3.1 SNC RFC-

CPIC-, 4.0.
, , SNC,
RFC- CPIC-, SAP- SNC-
.
SU01 SNC-
RFC- CPIC-. ,
SU01 SNC- . ,
SNC- SAP-,
ACL ( USRACLEXT).
ACL ,
, SNC, WebRFC-.
SNC- SAP- SU01 .
SNC- SM30
USRACLEXT. ACL , :
, ACL.
SNC- ,
SAP- ,
.
USRACLEXT SM30 .
: SAP-,
SNC- , SNC-.
* SNC-. * , :
* , SNC-.
* SNC-, SNC.
3.7. SAP-
49
* , SNC, SNC-.
* ,
.
3.7
SAP-
4.5
SNC.
:
snc/force_login_screen 0.

.
snc/force_login_screen 1 X7 ,
.
667470[12].
50
3. SNC SAP
4

SNC
SNC SAP- .
, , . ,
SAProuter-,
, .
SAP-
SAP-.
SNC .
, .
, , .
4.1
SNC: SAPgui SAP-
SAPgui SAP-, SAPgui , SAP- .

, SAPgui 4.0.
SAPgui:
sapgui.exe,
52
4. SNC
SAP Logon,
SAP Shortcuts.
SNC-, SNC,
, .
4.1.1
SAPgui (sapgui.exe)
, , SNC,
SAPgui SAP-, SAPgui SNC-
,
sapgui.exe. .
4.1.1.1
SNC_PARTNERNAME
SNC- SAP-.
SNC- SAP .
- SNC-.
.
, ".
.
4.1.1.2
SNC_LIB
.
GSS-API V2 .
-
.
.
255 ,
". .
.
4.1. SNC: SAPgui SAP-

4.1.1.3
53
SNC_MODE
SNC.
, SNC.
- SNC_PARTNERNAME , 1, 0.
.
0: SNC ; 1: SNC .
.
4.1.1.4
SNC_QOP
.
SNC-.
- 3.
.
1: ; 2:
; 3: ; 8:
-; 9: .
.
4.1.2
SAPgui (SAP Logon)
SAP Logon SAPgui,

SNC- . SNC_LIB
.
, SNC- , Advanced. . . .
SNC-,
:
54
4. SNC
. 4.1. SNC- SAP Logon.
,
,
.
1 .
4.1.2.1
SAP Logon :
1
SAP (message server),

: sapms<SAPSID>
services.
4.1. SNC: SAPgui SAP-
55
1. News. . . .
2. Advanced. . . . Advanced options 4.1.
3. SNC-:
(a) Enable Secure Network Communication.
(b) SNC- SNC name.
(c) SNC-.
4.1.2.2
Server. . . SNC- .
SNC , SNC- SNC name.
4.1.2.3
Groups. . . SNC- .
, SNC , SNC. ,
SNC name , SNC-
. SAP-.
4.1.3
SAPgui (SAP Shortcuts)
SAP Shortcuts , SNC,

SAPgui 4.5. SAPgui .
SAP Logon. , SNC SAP
Shortcuts SNC .
SAP Shortcuts SAP-,
56
4. SNC
SAP Shortcuts, . SAP Shortcuts - . , SNC,

.
, SAP Shortcuts .
-2 .
SAPgui 4.6D3 SNC-
SAP Shortcuts.
4.1.3.1
SNC_NAME
SNC- .
SNC- .
- .
.
.
.
4.1.4
(SAP-)
SAP- SNC- SAPgui 3.2: 3.6: SAP-.
4.2
SNC: RFC-
SAP-
RFC- , SAP- .
, 4.0, RFC- SNC ,
SAP- 4.0.
2
SAPgui SAP Shortcuts . 146173.

3
103019.
4.2. SNC: RFC- SAP-
4.2.1
57
( )
SNC RFC- SAP-, SNC- saprfc.ini, SAP RFC.

SNC-
saprfc.ini. SAP RFC
4.9.2: RFC.
saprfc.ini
SAP- ( ). , WP1_SNC :
DEST=WP1_SNC
TYPE=A
ASHOST=mysapcom
SYSNR=01
SNC_MODE=1
SNC_PARTNERNAE=p:CN=sap01.mysapcom, OU=IT, O=HOME, C=RU
SNC_LIB=/sapmnt/WP1/profile/exe/sncnetc.so
SAP-
mysapcom 01. SNC- :
p:CN=sap01.mysapcom, OU=IT, O=HOME, C=RU
:
/sapmnt/WP1/profile/exe/sncnetc.so
SNC-,
RFC- SAP-.
4.2.1.1
SNC_PARTNERNAME
SNC- SAP-.
SNC- SAP-.
- SNC-.
.
.
58
4. SNC
4.2.1.2
SNC_LIB
.
GSS-API V2 .
-
.
.
.
.
4.2.1.3
SNC_MODE
SNC.
, SNC.
- .
.
0: SNC ; 1: SNC .
4.2.1.4
SNC_QOP
.
SNC-.
- 3.
.
1: ; 2:
; 3: ; 8:
-; 9: .
4.2. SNC: RFC- SAP-

4.2.1.5
59
SNC_MYNAME
SNC- RFC-.
SNC- RFC-.
- .
.
.
4.2.2
(SAP-)
SAP- ,
SNC, RFC-, 3.2:
.
RFC- . , SNC, , SNC-. , SAP 4.0 4.5, SNC ,
.
4.2.3
RFC-, , RFC- SNC,

.
SNC.
1. SNC- SNC-
, SAP-
RFC-
.
2. , SAP- USRACLEXT
SNC-, .
, SAP- RFC-
.
60
4. SNC
3. , SAP- USRACLEXT
, *
SNC-. , SAP- . , SAP- , SNC, .
4. , SAP- USRACLEXT SNC-, * . , SAP-
. , SAP- , SNC, .
5. , SAP- USRACLEXT , * SNC-, * . , SAP- . ,
SAP- , SNC, .
6. , SAP- RFC.
4.3
SNC: CPIC-
SAP-
CPIC- , SAP- .
, 4.0, CPIC-
SNC , SAP- 4.0.
4.3.1 ( )
SNC CPIC- SAP-, SNC-
sideinfo, SAP CPIC. SNC- sideinfo.
SAP CPIC
4.9.1: CPIC.
4.3. SNC: CPIC- SAP-
61
SNC-,
CPIC- SAP-.
4.3.1.1
SNC_PARTNERNAME
SNC- SAP-.
SNC- SAP-.
- SNC-.
.
255 .
4.3.1.2
SNC_LIB
.
GSS-API V2 .
-
.
.
255 .
.
4.3.1.3
SNC_MODE
SNC.
, SNC.
- .
.
0: SNC ; 1: SNC .
62
4. SNC
4.3.1.4
SNC_QOP
.
SNC-.
- 3.
.
1: ; 2:
; 3: ; 8:
-; 9: .
4.3.1.5
SNC_MYNAME
SNC- CPIC-.
SNC- CPIC-.
- .
.
255 .
4.3.1.6
GWSERV
CPIC-.
, CPIC-. , SNC,
.
- ??.
??.
.
sapgw<nn>: ; sapgw<nn>s:
.
4.3.2
63
(SAP-)
SAP- ,
SNC, CPIC-, 3.2: .
4.3.3
CPIC-, , CPIC- SNC,

. , RFC (. 4.3.3: ).
CPIC- CPIC SAP-.
64
4. SNC
4.4
SNC: RFC-
SAP-
, 4.0, RFC- SNC ,

SAP- 4.0.
SNC- RFC- SAP-
SNC- RFC-.
SM59, SM30
RFCDESSECU.
SM59.
SM59 RFC-:
R/2-
R/3-

(TCP/IP-)
SNC- (SAP-)
.
, .
4.4.1
RFC- SNC- SM59
SNC- RFC-, :
SNC

SNC-
SNC- (SNC- , , , -) (.
3.2: ).
4.4. SNC: RFC- SAP-
65
, RFC- (Activation
type = Start ) , :
,
SNC- SNC-.
, SNC-
SNC- .
SNC- RFC:
1. SM59 RFC-
Change ( 4.2).
2. SNC, SNC Activ.
3. SNC-: Destination SNC Options ( 4.3).
4. QOP .
5. ( ),
SNC- .
6. .
:
RFC- , snc/data_protection/min , snc/
data_protection/max .
RFC- , , .
RFC- 8,
, snc/data_protection/use
.
66
4. SNC
. 4.2. SNC RFC-.
RFC- 9,
, snc/data_protection/max
.
4.4. SNC: RFC- SAP-
67
. 4.3. SNC- RFC-.
4.0A.
C: 3.1G/H 4.0A.
4.4.2
SAP- R/2
SNC- R/2 .
4.4.3
SAP- SAP-
,
SNC, SAP-.
68
4. SNC
4.4.3.1
(SAP-)
SNC-
SM59. 4.4.1: RFC- SNC SM59.
:
, SNC-
SNC names ( 4.3).
,
, .
-
SNC- SAP
SNC-.
SNC- Msg. Server ( 4.4).
4.4.3.2
(SAP-)
, SAP-
RFC- SAP-,
- ACL . SNC0
, RFC. ACL 4.5.
, :
, SNC0
( E). ( I) SNC0.
RFC- SAP- (.. RFC-
SM59 R/3 connections),

.
4.4. SNC: RFC- SAP-
69
. 4.4. SNC- RFC- .
4.4.3.3
, SNC, RFC-
SAP-, SNC. SNCSYSACL , , RFC-
SAP-.
, ,
.
70
4. SNC
. 4.5. ACL RFC- SAP-.
4.4.4
SAP-
RFC- ( I), .
SNCSYSACL.
.
SNC
RFC- (. 2.6: ).
SNC RFC-,
4.4. SNC: RFC- SAP-
71
snc/r3int_rfc_secure snc/r3int_rfc_qop
SAP-. ,
RFC-.
, RFC-, SNC,
SNCSYSACL.
4.4.5
, , . , SNC- SNC .
4.4.6
TCP/IP
RFC-, RFC- , .
, RFC- TCP/IP- .
. SNC , ,
RFC-, SNC-.
SAP- ,
RFC- .
4.4.6.1
(SAP-)
SNC-
SM59. 4.4.1: RFC- SNC SM59.
4.4.6.2
( )
SNC- , . :
72
4. SNC
SNC SNC
SNC-
SM59 .

snc/
gssapi_lib .
SNC- SAP- SNC-
RFC-. RFC- - ,
, .
4.4.7
TCP/IP
RFC- , , , .
RFC, TCP/IP-
, SAP- , RFC- .
4.4.7.1
(SAP-)
SNC-
SM59. 4.4.1: RFC- SNC SM59.
, RFC-, RFC- .
, SAP- ,
4.4.6: TCP/IP . SNC-, RFC-,
SNC- .
4.4.7.2
( )
SNC- , .
:
4.4. SNC: RFC- SAP-
73
SNC SNC
SNC-
SM59 .

.
snc/gssapi_lib .
SNC- SNC- RFC- RFC RFC- .
RFC- RFC-. RFC-
.
4.4.7.3
, SNC, 3.3:
.
:
, SNC ( snc/enable 1), ( snc/gssapi_lib).
-, SNC.
SNC-, snc/permit_insecure_start
1.
SNC
RFC- .
3.3: .
RFC- , ,
, snc/gssapi_lib
,
.
74
4. SNC
4.4.8
TCP/IP
SAPgui
, SAPgui,
, SAP.
RFC, TCP/IP-
SAPgui, SAP- , RFC- .
4.4.8.1
(SAP-)
SNC-
SM59. 4.4.1: RFC- SNC SM59.
RFC- , SAPgui,
, SNC, , SAP- SNC.
, RFC- SNC-.
4.4.8.2
( )
SNC- , SAPgui. :
SNC SNC
SNC-
SM59 , ,
SNC- .

SAPgui (SNC_LIB).
SNC- SNC- RFC-
SAPgui4 .
4
,
, .
4.4. SNC: RFC- SAP-
4.4.9
75
TCP/IP
. . .
4.4.9.1
(SAP-)
. . .
4.4.9.2
( )
. . .
4.4.9.3
SNC
. . .
4.4.9.4
. . .
4.4.10 SM51
SAP-
SM51,
RFC-. ,
SNC, snc/r3int_rfc_secure 1.
4.4.11
SM59
. . .
4.4.12
. . .
4.4.12.1 BACK
. . .
76
4. SNC
4.4.12.2
NONE
NONE , . SNC
, NONE SNC (. snc/r3int_rfc_secure).
4.4.13
RFCDES-
RFCDES SNC.
4.4.14
RFC-
RFC- SAP- .
RFC- ,
CALL FUNCTION ... DESTINATION IN GROUP ...
.
SNC- RFC-.
4.5
77
SNC: CPIC-
SAP-
. . .
78
4. SNC
4.6
SNC:
, SNC,
SAP- SAPlpd.
SAPlpd ( S), spool , SAPlpd .
4.6.1
(SAP-)
SAP-
SPAD. SPAD
.
Access method Host spool access method S. Do not query host spooler. . . 4.6.
Security Degree of security . Backup mode
SNC- . SNC-
Identity of the remote SAPlpd. . .
4.7.
4.6.2
( SAPlpd)
SNC SAPlpd
win.ini saplpd.ini5 .
[SNC].
4.6.2.1
gssapi_lib
.
GSS-API V2 .
-
.
5
saplpd.ini 4.10. SAPlpd saplpd.ini, win.ini.
4.6. SNC:
79
. 4.6. : S.
. SAPlpd SNC_LIB , gssapi_lib

.
255 .
.
80
4. SNC
. 4.7. : SNC-.
4.6.2.2
enable
SNC.
SNC.
- .
.
0: SNC ; 1: SNC .
4.6. SNC:
4.6.2.3
81
identity/lpd
SNC- SAPlpd.
SNC- SAPlpd.
.
- .
. 2.3.2: .
4.6.3
SNC- SAPlpd
SNC- SAPlpd
SNC. :
1. Options Secured Connection.
4.8.
. 4.8. SAPlpd: SNC-.
2. SAP Security Library.

Backup
Mode SPAD ( 4.7):
82
4. SNC
Do not use .
Use if possible SNC-
.
Use always ,
SNC, .
3. Quality of protection. , SAP-.
4. SAPlpd Add
new connection. 4.9.
5. Accept every authenticated connection ,
SNC- . , SNC-
Last authenticated connection initiator
Authorize.
,
saplpd.ini, win.ini
SAPlpd.
4.6. SNC:
. 4.9. SAPlpd: SNC-.
83
84
4. SNC
4.7
SNC: SAProuter SAProuter
SAProuter ,
- SAP. SAProuter .
SAProuter 4.10.
. 4.10. SNC- SAProuter.
SAProuter- SNC. SNC,

SAProuter . , , , SNC.
SAProuter , ,
SNC.
SNC- SAProuter,
:
SNC- .
SNC- (route permission
table) .
4.7. SNC: SAProuter SAProuter
4.7.1
85
SNC-
, SNC- SAProuter
:
1. SNC_LIB,
.
2. SAProuter -K <SNC->,
<SNC-> SNC SAProuter.
4.7.2
SNC:
1. KT- , SAProuter SAProuter,
SNC.
2. KP-, KD- KS- , , SNC, .
P-, D- S-, .
4.7.2.1
KT-
, SAProuter , SNC,
KT-, :
KT <SNC- > < > < >
:
<SNC- > SNC- .
< > IP- .
< >
.
* SNC-
.
, , KT-
P-, D-, S-.
86
4. SNC
4.7.2.2
KP-, KD- KS-
SNC- P-,
D-, S-, KP-, KD-, KS- .
, , IP- SNC-. ,
:
K<D/P/S> "<SNC- >" < >
< > <>
SAProuter (KP-, KS-) (KD-) , .
4.7.3
SNC- SAProuter SAProuter .
4.7.4
SNC
, SNC,
SAProuter. host1,
host2. , SAP- mysapcom 00.
SNC- :
p:CN=sr1, OU=IT, O=HOME, C=RU
SNC- :
p:CN=sr2, OU=IT, O=HOME, C=RU
:
# SNC host2
KT "p:CN=sr1, OU=IT, O=HOME, C=RU" host2 *
#
P * * *
4.7. SNC: SAProuter SAProuter
87
:
# sr1
#
mysapcom sapdp00
KP "p:CN=sr1, OU=IT, O=HOME, C=RU" mysapcom sapdp00
# sr1
#
mysapcom sapgw00
KP "p:CN=sr1, OU=IT, O=HOME, C=RU" mysapcom sapgw00
:
saprouter -r -K "p:CN=sr1, OU=IT, O=HOME, C=RU"
:
saprouter -r -K "p:CN=sr2, OU=IT, O=HOME, C=RU"
88
4. SNC
4.8
SNC: ITS SAP-
4.5B SNC-
SAP ITS (WGate AGate) SAP.
, SNC, 4.11.
. 4.11. SNC- ITS.

SNC SAP ITS :
WGate AGate
AGate
, AGate
WGate SAP-.
4.8.1
(ITS WGate)
, WGate AGate SNC, SNC-,

WEB-. WGate.trc.
, SNC_LIB, Win32-. :
4.8. SNC: ITS SAP-
89
HKLM\SOFTWARE\SAP\its\2.0\< ITS>\Programs\
Connects
WGate\environment
< ITS> WGate.
SNC_LIB ,
.
SAP ITS 4.6D WGate wgate.conf.
4.8.1.1
SNC_LIB
.
GSS-API V2 .
255 .
.
.
4.8.1.2
Type
.
WGate AGate. , SNC, 2
(NI-SNC).
0: Sockets; 1: SAP NI; 2: SAP NI-SNC.
, wgate.conf.
4.8.1.3
SncNameAGate
SNC- AGate.
SNC- AGate.
.
, wgate.conf.
90
4. SNC
4.8.1.4
SncNameWGate
SNC- WGate.
SNC- WGate.
.
, wgate.conf.
4.8.2
(ITS AGate)
, WGate AGate
SNC, SNC-, ITS Manager. AGate.trc
Mmanager.trc.
, SNC_LIB, Win32-. :
Connects
AGate\environment
< ITS> AGate.
SNC_LIB ,
.
4.8.2.1
SNC_LIB
.
GSS-API V2 .
255 .
.
.
4.8. SNC: ITS SAP-

4.8.2.2
91
Type
.
WGate AGate. , SNC, 2
(NI-SNC).
0: Sockets; 1: SAP NI; 2: SAP NI-SNC.
.
4.8.2.3
SncNameAGate
SNC- AGate.
SNC- AGate.
.
.
4.8.2.4
SncNameWGate
SNC- WGate.
SNC- WGate.
.
.
4.8.3
(ITS AGate)
, AGate
SNC, SNC- AGate.
global.srvc - (Internet Application Component, IAC).
.
92
4. SNC
4.8.3.1
sncNameAGate
SNC- AGate.
SNC- AGate.
. ,
SNC-, WGate ( SncNameAGate).
.
IAC.
4.8.3.2
sncNameR3
.
SAP-. SNC
AGate .
.
IAC.
4.8.3.3
sncQoPR3
SNC-.
SNC-
AGate SAP-.
1: ; 2:
; 3: ; 9:
, snc/data_protection/max
.
IAC.
4.8. SNC: ITS SAP-
4.8.4
93
(SAP-)
, AGate SAP SNC, SNC

. SNC- SAP-
3.2: .
AGate ACL
SAP-. SM30
VSNCSYSACL ( E):
1. SNC name SNC- AGate. System ID

.
2. Entry for RFC activated Entry for CPIC activated .
WebRFC,
ACL ( USRACLEXT).
ACL 3.6.2: SNC- :
1. * User.
2. SNC name SNC- Agate.
94
4. SNC
4.9
SAP C: CPIC- RFC-.
4.9.1
CPIC
. . .
4.9.2
RFC
SNC- RFC-
saprfc.ini . RFC-
SNC ( 4.4.6, 4.4.7, 4.4.8, 4.4.9).
SNC- RFC-: RfcOpenEx.
4.1 RFC-, SNC.
RfcOpenEx
RFC-
RfcSncMode
SNC
RfcSncPartnerName
SNC-
RfcSncPartnerAclKey
SNC-
RfcSncNameToAclKey
SNC-
RfcSncAclKeyToName
SNC-
4.1. RFC API, SNC.

RFC (RFC SDK), saprfc.hlp.
A
SNC-
,
SNC.
USRACL
SNC-,
SAP-. ,
SNC ( SAPgui CPIC RFC-).
USRACLEXT
SNC-,
SAP-. (CPIC- RFC-). ,
SNC CPIC- RFC-.
SNCSYSACL
SNC-
, SNC, .
A.1. , .
96
A. SNC-
RFCDES
RFC-,
SNC .
RFCDESSECU
SNC- RFC-.
TXCOM
CPIC-,
SNC .
TXCOMSECU
SNC- CPIC-.
A.2. , .
B
SNC-
SNC-,
SAP-.
RSSNCCHK
SNC-
RSSNC40A
SNC- USR15 3.1 USRACL 4.0.
RSSNCSRV
SNC-
RSUSR300
SNC-
RSUSR402
B.1. SNC-.
98
B. SNC-
C
3.1G/H
4.0A
3.1G/H 4.0A .
.
C.1
snc/data_protection/max .
, SNCERR_OVERSECURE
.
C.2
snc/data_protection/min,
snc/data_protection/use snc/data_protection/max 2.
1, 2. 1 ,

.
100
C. 3.1G/H 4.0A

[1] SAP ICC , , BC-SNC.
http://www.sap.com/partners/icc/
http://www.sap.com/partners/icc/scenarios/
technology/bc-snc.asp
[2] SAP: Printing Guide
SAP R/3 4.6C: Basis Components Computing Center Management
System SAP Printing Guide
[3] SAP: SAProuter
SAP R/3 4.6C: Basis Components Client/Server Technology
SAProuter
[4] SAP: Internet Transaction Server
SAP R/3 4.6C: Basis Components Frontend Services ITS /
SAP@Web Studio
[5] SAP: RFC API
SAP R/3 4.6C: Basis Components Communication Interfaces
Remote Communications
[6] 66687: Use of network security products.
[7] 149646: During maintenance with RZ10 SNC profile parameter
warning.
[8] 184277: Length Limitation of SNC-Names.
102
[9] 379081: Optional deactivation of the password logon.

[10] 396983: EM/MAX SIZE MB not maintainable in RZ10 and RZ11.
[11] 625823: SNC connections may block work processes for a long
time.
[12] 667470: snc/force login screen = 1 shows no impact.

AGate.trc, 90
global.srvc, 91
GSS-API V2, 13, 16, 17, 28
Mmanager.trc, 90
sapdp<nn>, 22
sapgw<nn>, 23, 39
sapgw<nn>s, 23, 39
saplpd.ini, 78, 82
sapms<SAPSID>, 54
saprfc.hlp, 94
saprfc.ini, 57, 94
SNC-, 1415
SNC_LIB, 13, 21
SNC_MODE, 21
SNC_MYNAME, 21
SNC_PARTNERNAME, 21
SNC_QOP, 21
SNCERR_INIT, 28
SNCERR_OVERSECURE, 99
wgate.conf, 89
WGate.trc, 88
win.ini, 78, 82
, 10
, 14
, 13
SNC, 1415
X.500, 18
, 14
, 15
, 15

SNCERR_INIT, 28
SNCERR_OVERSECURE, 99
, 1011
, 1314
RSSNC40A, 97
RSSNCCHK, 43, 97
RSSNCSRV, 25, 97
RSUSR300, 19, 97
RSUSR402, 43, 97
CPIC
GWSERV, 62
SNC_LIB, 61
SNC_MODE, 61
SNC_MYNAME, 62
SNC_PARTNERNAME, 61
SNC_QOP, 62
ITS AGate
sncNameAGate, 92
sncNameR3, 92
sncQoPR3, 92
SNC_LIB, 90
SncNameAGate, 91
SncNameWGate, 91
Type, 91
ITS WGate
SNC_LIB, 8889
104

SncNameAGate, 89
SncNameWGate, 90
Type, 89
RFC
SNC_LIB, 58
SNC_MODE, 58
SNC_MYNAME, 59
SNC_PARTNERNAME, 57
SNC_QOP, 58
SAP Shortcuts
SNC_NAME, 56
SAPgui
SNC_LIB, 52, 74
SNC_MODE, 53
SNC_PARTNERNAME, 5253
SNC_QOP, 53
SAPlpd
enable, 80
gssapi_lib, 7879
identity/lpd, 81
SAProuter
KD-, 8586
KP-, 8586
KS-, 8586
KT-, 85

login/disable_password_logon, 38
login/disable_password_logon, 27,
3738
login/password_logon_usergroup, 27,
38
rdisp/maximum_snc_hold_time, 27,
37
snc/accept_insecure_cpic, 26, 27,
33
snc/accept_insecure_gui, 37, 46
snc/permit_insecure_comm, 3233
snc/accept_insecure_gui, 22, 26, 27,
34
snc/accept_insecure_r3int_rfc, 27,
32, 35
snc/accept_insecure_rfc, 26, 27, 32,

3536
snc/data_protection/max, 27, 29
32, 65, 66, 92, 99
snc/data_protection/min, 27, 30
32, 65, 99
snc/data_protection/use, 27, 30
32, 65, 99
snc/enable, 2628
snc/force_login_screen, 27, 3637,
46, 49
snc/gssapi_lib, 2629, 72
snc/identity/as, 2629
snc/permit_insecure_gui, 27, 34
snc/permit_insecure_start, 27, 36,
40
snc/r3int_rfc_qop, 27, 32, 71
snc/r3int_rfc_secure, 22, 27, 31
32, 35, 71, 75, 76
snc/user_maint, 2728
gw/rem_start, 40
gw/remsh, 40
snc/enable, 39, 73
snc/gssapi_lib, 39, 73
snc/permit_insecure_start, 3940,
73
48<nn>, 23
sapdp<nn>, 22
sapgw<nn>, 23, 39
sapgw<nn>s, 23, 39
sapms<SAPSID>, 54
SAProuter, 22
(ACL)
, 4142, 44, 47
49, 93
, 42, 44, 68, 93

RFCDES, 76, 96
RFCDESSECU, 64, 96
SNCSYSACL, 6971, 95
TXCOM, 96
TXCOMSECU, 43, 96
USR15, 97
USRACL, 41, 44, 47, 95, 97
USRACLEXT, 41, 44, 48, 59, 60,
93, 95
VSNCSYSACL, 42, 44, 93
RZ10, 26
SM30
RFCDESSECU, 43, 64
TXCOMSECU, 43
USRACL, 41, 44, 47
USRACLEXT, 41, 44, 48
VSNCSYSACL, 42, 44, 93
SM51, 75
SM54, 43
SM59, 42, 6468, 7174
SNC0, 42, 44, 68
SO70
SIMG_BCSNC, 41
SPAD, 42, 78, 81
SPRO, 40
SU01, 28, 38, 41, 46, 48
SUIM, 42
, 10, 15

, 10
, 1011
, 10
AGate.trc, 90
global.srvc, 91
Mmanager.trc, 90
saplpd.ini, 78, 82
saprfc.hlp, 94
saprfc.ini, 57, 94
wgate.conf, 89
105
WGate.trc, 88
win.ini, 78, 82
, 10

Sncuserguide Ru PRUSOV

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Sncuserguide Ru PRUSOV

Загружено:

Авторское право:

Доступные форматы

SNC

SNC (Secure Network Communications ), ,

SNC SAP-. SAP-

2.2. SNC SAP

p/cpro:C=RU, O=Mecomp, OU=IT, CN=mprusov

SNC ( , SAPgui, RFC- .) SAP- c ,

. 2.1. SNC SAP-.

2.1. SNC- SAP-.

255 . SNC- , SAP-

3.1. SNC- SAP-.

, SNC, SAPgui SNC.

, SNC, SAPgui SNC.

1, 4.6, 6.10, 6.20

3.1I SNC RFC- CPIC-, snc/permit_insecure_comm 1.

4.0 SNC SAP- ( SPRO).

, SNC-, . ACL SNC0 SM30 VSNCSYSACL.

, SNC- , SPAD. 4.6: SNC: .

SAP: BC Printing Guide Transporting Printers (Device Definitions)

. 3.1. SNC- SAP-.

SAP- ACL ( USRACL) SNC- .

3.1 SNC RFC-

SNC: SAPgui SAP-

SAPgui SAP-, SAPgui , SAP- .

4.1. SNC: SAPgui SAP-

SAPgui (SAP Logon)

SAP Logon SAPgui,

. 4.1. SNC- SAP Logon.

SAP (message server),

4.1. SNC: SAPgui SAP-

SAPgui (SAP Shortcuts)

SAP Shortcuts , SNC,

SAP Shortcuts, . SAP Shortcuts - . , SNC,

SAP- SNC- SAPgui 3.2: 3.6: SAP-.

SAPgui SAP Shortcuts . 146173.

4.2. SNC: RFC- SAP-

SNC RFC- SAP-, SNC- saprfc.ini, SAP RFC.

4.2. SNC: RFC- SAP-

RFC-, , RFC- SNC,

4.3. SNC: CPIC- SAP-

4.3. SNC: CPIC- SAP-

CPIC-, , CPIC- SNC,

, 4.0, RFC- SNC ,

RFC- SNC- SM59

4.4. SNC: RFC- SAP-

. 4.2. SNC RFC-.

4.4. SNC: RFC- SAP-

. 4.3. SNC- RFC-.

4.4. SNC: RFC- SAP-

. 4.4. SNC- RFC- .

. 4.5. ACL RFC- SAP-.

4.4. SNC: RFC- SAP-

4.4. SNC: RFC- SAP-

4.4. SNC: RFC- SAP-

4.5. SNC: CPIC- SAP-

saplpd.ini 4.10. SAPlpd saplpd.ini, win.ini.

. SAPlpd SNC_LIB , gssapi_lib

. 4.8. SAPlpd: SNC-.

2. SAP Security Library.

. 4.9. SAPlpd: SNC-.

SNC: SAProuter SAProuter

. 4.10. SNC- SAProuter.

SAProuter- SNC. SNC,

4.7. SNC: SAProuter SAProuter

KP-, KD- KS-