Вы находитесь на странице: 1из 105

SNC

, mprusov@yandex.ru
11 2004 .


SNC
SAP- SAP AG. SNC Users
Guide 1.2 SAP AG,
, .
SAP AG.
SNC-, (MSNC-). ,
, http://mprusov.narod.ru/
sap/snc/index.html.
mailto:
mprusov@yandex.ru.

1.1 SNC? . . . . . . . . . . . . . .
1.2 SNC? . . . . . . . . . . . .
1.2.1 . . . . .
1.2.2 . . . . .
1.2.3

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

9
9
10
10
10
10

2 SNC SAP
2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2 SNC SAP . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1 , SNC . . . . .
2.2.2 SNC
SAP- . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3 . . . . . . . . . .
2.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.2 . . . . . . . . . . . . . . . . . . . . . . . . . .
2.4 SAP- . . . . . . . . . . . . .
2.5 SNC . . . . .
2.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . .

16
17
17
18
19
19
22

3 SNC SAP
3.1 . . . . . . . . . . . . . . . . . . . . . . .
3.2
3.2.1 snc/enable . . . . . . . . . . . . . . . . . . . . .
3.2.2 snc/user_maint . . . . . . . . . . . . . . . . . .
3.2.3 snc/gssapi_lib . . . . . . . . . . . . . . . . . . .
3.2.4 snc/identity/as . . . . . . . . . . . . . . . . . .
3.2.5 snc/data_protection/max . . . . . . . . . . . . .
3.2.6 snc/data_protection/min . . . . . . . . . . . . .
3.2.7 snc/data_protection/use . . . . . . . . . . . . .

25
25
26
26
28
28
29
29
30
31

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

13
13
15
15

3.3

3.4

3.5

3.6

3.7

3.2.8 snc/r3int_rfc_secure . . . . . . . . . . . . . . . . . . .
3.2.9 snc/r3int_rfc_qop . . . . . . . . . . . . . . . . . . . . .
3.2.10 snc/permit_insecure_comm . . . . . . . . . . . . . . .
3.2.11 snc/accept_insecure_cpic . . . . . . . . . . . . . . . . .
3.2.12 snc/permit_insecure_gui . . . . . . . . . . . . . . . . .
3.2.13 snc/accept_insecure_gui . . . . . . . . . . . . . . . . .
3.2.14 snc/accept_insecure_r3int_rfc . . . . . . . . . . . . . .
3.2.15 snc/accept_insecure_rfc . . . . . . . . . . . . . . . . .
3.2.16 snc/permit_insecure_start . . . . . . . . . . . . . . . .
3.2.17 snc/force_login_screen . . . . . . . . . . . . . . . . . .
3.2.18 rdisp/maximum_snc_hold_time . . . . . . . . . . . . .
3.2.19 login/disable_password_logon . . . . . . . . . . . . . .
3.2.20 login/password_logon_usergroup . . . . . . . . . . . .
. . . . . . . . . . . .
3.3.1 snc/enable . . . . . . . . . . . . . . . . . . . . . . . . .
3.3.2 snc/gssapi_lib . . . . . . . . . . . . . . . . . . . . . . .
3.3.3 snc/permit_insecure_start . . . . . . . . . . . . . . . .
3.3.4 gw/rem_start . . . . . . . . . . . . . . . . . . . . . . .
SAP- . . . . . . . . . . . . . . . . . . . .
3.4.1 (ACL) . . . . . . . . . . . .
3.4.1.1
3.4.1.2 . . . .
3.4.2 . . . . . . . . . . . . . . . . . . . . .
3.4.2.1 SAPlpd . . . . . . . . . .
3.4.2.2 RFC . . . . . . . . . . . . . . . . . . . . . . .
3.4.2.3 CPIC . . . . . . . . . . . . . . . . . . . . . .
3.4.2.4
. . . . . . . . . . . . . . . . . . . . . . . .
3.5.1 . . . . . . . . . . . . . . . .
3.5.1.1
3.5.1.2 . . . .
3.5.2 . . . . . . . . . . . . . . . . . . . . .
3.5.2.1 SAPlpd . . . . . . . . . .
3.5.2.2 RFC . . . . . . . . . . . . . . . . . . . . . . .
3.5.2.3 CPIC . . . . . . . . . . . . . . . . . . . . . .
SAP- . . . . . . . . . . . .
3.6.1 SNC- . . . . .
3.6.2 SNC- . . . .
SAP- . . . . . . . . . . . . . . .

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

31
32
32
33
34
34
35
35
36
36
37
37
38
38
39
39
40
40
40
41
41
42
42
42
42
43
43
43
44
44
44
45
45
45
45
45
45
48
49


4 SNC
4.1 SNC: SAPgui SAP- . . . . . . . . . . . . .
4.1.1 SAPgui (sapgui.exe) . . . . . . . . . . . . . .
4.1.1.1 SNC_PARTNERNAME . . . . . . . . . . . . . .
4.1.1.2 SNC_LIB . . . . . . . . . . . . . . . . . . . . . .
4.1.1.3 SNC_MODE . . . . . . . . . . . . . . . . . . . .
4.1.1.4 SNC_QOP . . . . . . . . . . . . . . . . . . . . .
4.1.2 SAPgui (SAP Logon) . . . . . . . . . . . . . .
4.1.2.1 . . . . . . . . . . . . .
4.1.2.2 . . . . . . . . . . .
4.1.2.3 . . . . . . . . . . . . . . .
4.1.3 SAPgui (SAP Shortcuts) . . . . . . . . . . . .
4.1.3.1 SNC_NAME . . . . . . . . . . . . . . . . . . . .
4.1.4 (SAP-) . . . . . . . . . . . . . . . . . .
4.2 SNC: RFC- SAP- . . .
4.2.1 ( ) . . . . . . . . . . . . .
4.2.1.1 SNC_PARTNERNAME . . . . . . . . . . . . . .
4.2.1.2 SNC_LIB . . . . . . . . . . . . . . . . . . . . . .
4.2.1.3 SNC_MODE . . . . . . . . . . . . . . . . . . . .
4.2.1.4 SNC_QOP . . . . . . . . . . . . . . . . . . . . .
4.2.1.5 SNC_MYNAME . . . . . . . . . . . . . . . . . .
4.2.2 (SAP-) . . . . . . . . . . . . . . . . . .
4.2.3 . . . . . . . . . . . . . . .
4.3 SNC: CPIC- SAP- . .
4.3.1 ( ) . . . . . . . . . . . . .
4.3.1.1 SNC_PARTNERNAME . . . . . . . . . . . . . .
4.3.1.2 SNC_LIB . . . . . . . . . . . . . . . . . . . . . .
4.3.1.3 SNC_MODE . . . . . . . . . . . . . . . . . . . .
4.3.1.4 SNC_QOP . . . . . . . . . . . . . . . . . . . . .
4.3.1.5 SNC_MYNAME . . . . . . . . . . . . . . . . . .
4.3.1.6 GWSERV . . . . . . . . . . . . . . . . . . . . . .
4.3.2 (SAP-) . . . . . . . . . . . . . . . . . .
4.3.3 . . . . . . . . . . . . . . .
4.4 SNC: RFC- SAP- . . .
4.4.1 RFC- SNC- SM59
4.4.2 SAP- R/2 . . . . . . . . . . . . . . . . . . . . .
4.4.3 SAP- SAP- . . . . . . . . . . . . . . . .
4.4.3.1 (SAP-) . . . . . . . . . . . .
4.4.3.2 (SAP-) . . . . . . . . . . . . .
4.4.3.3 . . .

5
51
51
52
52
52
53
53
53
54
55
55
55
56
56
56
57
57
58
58
58
59
59
59
60
60
61
61
61
62
62
62
63
63
64
64
67
67
68
68
69

4.4.4
4.4.5
4.4.6

. . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .
TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.4.6.1 (SAP-) . . . . . . . . . . . .
4.4.6.2 ( ) . . . . . . . . .
4.4.7 TCP/IP
4.4.7.1 (SAP-) . . . . . . . . . . . .
4.4.7.2 ( ) . . . . . . . . .
4.4.7.3 . . . . . . . . . . . . . . . . . .
4.4.8 TCP/IP SAPgui
4.4.8.1 (SAP-) . . . . . . . . . . . .
4.4.8.2 ( ) . . . . . . . . .
4.4.9 TCP/IP . . . . . . . .
4.4.9.1 (SAP-) . . . . . . . . . . . .
4.4.9.2 ( ) . . .
4.4.9.3 SNC . . .
4.4.9.4 . . . . . . . . . . . . . . . . . .
4.4.10 SM51 . . . . . . . . .
4.4.11 SM59 . . . . . . . .
4.4.12 . . . . . . . . . . . . . . . . . . .
4.4.12.1 BACK . . . . . . . . . . . . . . . . . . .
4.4.12.2 NONE . . . . . . . . . . . . . . . . . .
4.4.13 RFCDES- . . . . . . . . . . . . . . .
4.4.14 RFC- . . . . . . . . . . . . . . . . . . . . . . . . .
4.5 SNC: CPIC- SAP- . .
4.6 SNC: . . . . . . . . . . . . . . . . . . . . . . .
4.6.1 (SAP-) . . . . . . . . . . . . . . . . .
4.6.2 ( SAPlpd) . . . . . . . . . . . . . . .
4.6.2.1 gssapi_lib . . . . . . . . . . . . . . . . . . . . . .
4.6.2.2 enable . . . . . . . . . . . . . . . . . . . . . . . .
4.6.2.3 identity/lpd . . . . . . . . . . . . . . . . . . . . .
4.6.3 SNC- SAPlpd . . . . . . . . . . .
4.7 SNC: SAProuter SAProuter . . . . . . . . . . . . .
4.7.1 SNC- . . . . . . . . . . . . . . . . .
4.7.2 . . . . . . .
4.7.2.1 KT- . . . . . . . . . . . . . . . . . . . . .
4.7.2.2 KP-, KD- KS- . . . . . . . . . . . . . .
4.7.3 . . . . . . . . . . . . . . . . . . . . . . .
4.7.4 SNC . . . . . . . . . . . . . . .

70
71
71
71
71
72
72
72
73
74
74
74
75
75
75
75
75
75
75
75
75
76
76
76
77
78
78
78
78
80
81
81
84
85
85
85
86
86
86


4.8 SNC: ITS SAP- . . . . . . . .
4.8.1 (ITS WGate) . . . . . . . . . . .
4.8.1.1 SNC_LIB . . . . . . . . . . . . . . .
4.8.1.2 Type . . . . . . . . . . . . . . . . . .
4.8.1.3 SncNameAGate . . . . . . . . . . .
4.8.1.4 SncNameWGate . . . . . . . . . . .
4.8.2 (ITS AGate) . . . . . . . . . . . . .
4.8.2.1 SNC_LIB . . . . . . . . . . . . . . .
4.8.2.2 Type . . . . . . . . . . . . . . . . . .
4.8.2.3 SncNameAGate . . . . . . . . . . .
4.8.2.4 SncNameWGate . . . . . . . . . . .
4.8.3 (ITS AGate) . . . . . . . . . . . .
4.8.3.1 sncNameAGate . . . . . . . . . . .
4.8.3.2 sncNameR3 . . . . . . . . . . . . .
4.8.3.3 sncQoPR3 . . . . . . . . . . . . . .
4.8.4 (SAP-) . . . . . . . . . . .
4.9 C .
4.9.1 CPIC .
4.9.2 RFC .

7
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

88
88
89
89
89
90
90
90
91
91
91
91
92
92
92
93
94
94
94

A SNC-

95

B SNC-

97

C 3.1G/H 4.0A
C.1 snc/data_protection/max . . . . . . . . . . .
C.2 . . . . . . . . . . . . . . . . . . . . . . . .

99
99
99

SNC (Secure Network Communications ), ,


, .

1.1

SNC?

SNC SAP-, .
SAP- , SAP
. SNC ,
. , SNC:
SNC . SNC
, SNC (,
SAPgui SAP).
, SAP- (, -
).

10

1.
. , .

- SAP-.

1.2

SNC?

SNC SAP-. SAP-


, . SNC
SAP-.
:


1.2.1

,
.
. , SNC.

1.2.2

, .
.

1.2.3

, .

1.2. SNC?

11

.
, SNC.

12

1.

2
SNC SAP
SNC SAP-.

2.1

SNC .
.
GSS-API V2 , IETF
(Internet Engineering Task Force). SNC GSS-API V2
.
, , gssapi, SNC_LIB , , . , (
, ).
(credentails) ,
. , , .
, . ,

14

2. SNC SAP

.
, (, SAP-)
. . 2.3.2: .
SNC- SAP-. SNC- , . 3.1I
4.0A . SNC-
:
< >:< >
< >/<>:< >
:
< > , :
p , ;
s /;
u .
<> .
< >
, (.
).
SNC-
.
SNC-:
p:C=RU, O=Mecomp, OU=IT, CN=mprusov
s:sap03@h502

2.2. SNC SAP

15

p/cpro:C=RU, O=Mecomp, OU=IT, CN=mprusov


s/cpro:sap03@h502
, , SAP-
, . GSS-API V21 .
, , QoP ,
, (
, , ).
SNC- SAP- , SNC.

2.2

SNC SAP

,
SNC , SNC
SAP-.

2.2.1

, SNC

SNC SAP-:


/ , .
.
( ).
1

gss_canonicalize_name.

16

2. SNC SAP

. :

SAP-, .
- .
(Single SignOn).

SNC ,
,
, .
,
SAP- GSSAPI V2 IETF.

2.2.2

SNC
SAP-

SNC ( , SAPgui, RFC- .) SAP- c ,


( 2.1).
SNC,
. SNC, SNC
SAP-NI.
(, ).
SNC GSS-API V2.
SAP-
, .

2.3.

17

. 2.1. SNC SAP-.

2.3

, .

2.3.1

, SAP-,
:
, GSS-API V2.

18

2. SNC SAP
.
,
SAP-.
(ICC) SAP AG.
SAP-. SAP AG,
ICC[1] 66687[6].

2.3.2

.
SAP-.
, SNC-, SAP
SAP- .
SAP-
.
, , X.500.
SAP-, ,
,
SAP- , . , X.500,
SAP- CN, (OU, O, C) .
, solarmic SAP-
:
C=RU, O=HOME, OU=IT, CN=solarmic
SAP-,
SAP-. ,
, . :
sap< >.< >

2.4. SAP-

19

, 01,
mysapcom, :
C=RU, O=HOME, OU=IT, CN=sap01.mysapcom
, ,
RSUSR300 SNC-
SAP-.

2.4

SAP-

SAP- :
SAP (SAP WAS)
SAPgui
SAPlpd
RFC-
CPIC-
SAProuter
SAP ITS
SNC-
2.1.
, ,
SNC, , 4:
SNC.

2.5

SNC

SNC .
,
, . , SAPgui

20

2. SNC SAP

SNC

3.1G

4.1

SAPgui

SAP WAS

..

SAP WAS

RFC

4.0A

4.2

..

SAP WAS

CPIC

4.0A

4.3

SAP WAS

SAP WAS

RFC

4.0A

4.4.3

SAP WAS

SAP WAS

CPIC

4.0A

4.5

SAP WAS

..

RFC

4.0A

4.4.64.4.8

SAP WAS

..

CPIC

4.0A

4.5

SAP WAS

SAPlpd

3.1G

4.6

SAProuter

SAProuter

4.0A

4.7

SAP ITS

SAP WAS

4.5A

4.8

2.1. SNC- SAP-.


SAP-, SAPgui
, .
SNC- .
:
SNC
SNC- ( )


:
SNC
SNC-


, ,
SNC-:

2.5. SNC

21

SNC_MODE
SNC. 0: SNC
; 1: SNC .
SNC_MYNAME
SNC- . . 255 2 .
SNC_PARTNERNAME
SNC- . . 255 .
SNC_QOP
( ). 1: ; 2: ; 3:
; 8: -; 9:
.

. ,
.
SNC_LIB
, .
. 255 .
, , SAP-.
/ , ,
.
, SNC .
2

255 . SNC- , SAP-


. 184277[8].

22

2. SNC SAP

2.6

SNC:
SNC SAP-.
,

SAP. SNC
. SAP ( 2.2).
,
RFC- .
SAP-
, , (, RFC). ( SNC ), SAP- .
SNC- ( 2.2).
snc/r3int_rfc_secure.
SAP-.

. (sapdp<nn>)
, SAProuter. SAProuter 3299.
SAP- ,
, SNC, . , , .
snc/accept_insecure_gui.

2.6.

23

. 2.2. , SNC.

(sapgw<nn>s)
, SNC, SAP-
RFC-.
SAP- RFC-. SNC
, SNC, RFC-.
,
. sapgw<nn>s
sapgw<nn> SAP-.
48004899.
, SAProuter.
, ,
SAProuter
SAProuter.

24

2. SNC SAP

3
SNC
SAP
SNC
SAP-.

3.1

SAP-. , SAP, .
, .
, , .
SNC- , SNC-
SAP-.
,
SNC SNC. , .
SNC- SAP- RSSNCSRV.
SNC SAP- ,
, SNC . -

26

3. SNC SAP

. ,
, SNC, , .

3.2

SAP- RZ1012 .
( ).
, snc/identity/as , snc/gssapi_lib .
SNC- SAP-.

3.2.1

snc/enable

SNC .
.
SNC . SNC 1.
, SNC, , SNC, . , ,
, (snc/
accept_insecure_gui, snc/accept_insecure_rfc , snc/accept_insecure_cpic).
snc/gssapi_lib. SNC
,
1

, RZ10
. 396983[10].
2
4.0B 4.5B, , RZ10
, SNC- .
149646[7].

3.2.

snc/enable
snc/user_maint
snc/gssapi_lib
snc/identity/as
snc/data_protection/max
snc/data_protection/min
snc/data_protection/use

3.1

4.0

4.5

4.6

6.1

6.2

snc/r3int_rfc_secure
snc/r3int_rfc_qop
snc/permit_insecure_comm
snc/accept_insecure_cpic
snc/permit_insecure_gui
snc/accept_insecure_gui
snc/accept_insecure_r3int_rfc
snc/accept_insecure_rfc
snc/permit_insecure_start
snc/force_login_screen
rdisp/maximum_snc_hold_time
login/disable_password_logon
login/password_logon_usergroup

27

3.1. SNC- SAP-.

28

3. SNC SAP
. , , ( , , SncInit, SNCERR_INIT).
- 0 (SNC ).
snc/gssapi_lib, snc/identity/as.
0: SNC ; 1: SNC .

3.2.2

snc/user_maint

SNC SU01.
3.1.
, SAP SNC- ,
1.
- 0 ( SNC-).
.
0: SNC-; 1:
SNC-.

3.2.3

snc/gssapi_lib

.
.
GSS-API V2 .
SNC , . ,
SAP- ,

3.2.

29

, ,
.
-
.
.
255 .
.

3.2.4

snc/identity/as

SNC- .
.
SNC-
SAP-. .
(message server) SNC- SAP
Logon RFC- .
- .
.
. 2.3.2: .

3.2.5

snc/data_protection/max

SNC-, SAP-.
.
.
3.1G/H: , , .
, .

30

3. SNC SAP
3.1I: .
4.0A: . .
, RFC- , .
4.0B: ,

(9). .
3.1 4.0A
.

C: 3.1G/H 4.0A.
- 3 ( ).
snc/data_protection/min, snc/data_protection/
use.

snc/data_protection/use.
: 1: ; 2: ;
3: .

3.2.6

snc/data_protection/min

, SNC-.
.

, .
SNC , . ,
.
- 2 ( ).

3.2.

31

snc/data_protection/max, snc/data_protection/
use.
: 1: ; 2: ; 3:
.

3.2.7

snc/data_protection/use

,
SAP .
.
RFC- CPIC-.
RFC- CPIC-, - (8).
- 3 ( ).
snc/data_protection/min, snc/data_protection/
max.

snc/data_protection/min snc/data_protection/max. : 1:
; 2: ; 3: ; 9: ,
snc/data_protection/max.

3.2.8

snc/r3int_rfc_secure

SNC RFC-.
4.0A.
, , SNC,
RFC- .
,
RFC-

32

3. SNC SAP
SNC.
.
2.6: .
- 0 ( SNC
RFC-).
snc/accept_insecure_rfc,
snc/accept_insecure_r3int_rfc.
0: SNC RFC-; 1: SNC
RFC-.

3.2.9

snc/r3int_rfc_qop

SNC- RFC-.
4.0A.
,
RFC- , SNC
RFC- .
- 8 ( ,
snc/data_protection/use).
snc/r3int_rfc_secure.
,
snc/data_protection/min. : 1: ; 2: ; 3: ; 8: ,
snc/data_protection/use; 9:
, snc/data_protection/max.

3.2.10

snc/permit_insecure_comm

CPIC-
SNC.

3.2.

33

3.1.
-, SNC,
, SNC, CPIC-.
3.1 CPIC- SNC
, 1
, CPIC .
- 0 ( CPIC-).
.
0: CPIC-; 1: CPIC-.

3.2.11 snc/accept_insecure_cpic
CPIC- SNC.
4.0.
-, SNC,
, SNC, CPIC-. .
- 0 ( CPIC-).
.
0: CPIC-; 1: CPIC-; U:
CPIC- ,
.
3.6: SAP-.

34

3. SNC SAP

3.2.12

snc/permit_insecure_gui

, SNC, SAPgui SNC.


3.1.
-, SNC,
SAP- SAPgui,
SNC.
.
, SAPgui ,
.
- 0 ( ).
.
0: ; 1: ,

3.2.13

snc/accept_insecure_gui

, SNC, SAPgui SNC.


4.0.
snc/permit_insecure_gui.
- 0 ( ).
.
0: ; 1: ; U: , .
3.6: SAP-.

3.2.

3.2.14

35

snc/accept_insecure_r3int_rfc

, SNC, RFC-
SNC.
4.0.

RFC-. RFC-,
snc/accept_insecure_rfc.

snc/accept_insecure_rfc 0. ,
RFC-
.
- 1 (
RFC-).
snc/accept_insecure_rfc, snc/r3int_rfc_secure.
0: RFC; 1: RFC-.

3.2.15

snc/accept_insecure_rfc

, SNC, RFC-
SNC.
4.0.
-, SNC,
SAP- RFC-. ,
RFC-,
snc/accept_insecure_r3int_rfc.
- 0 (
RFC-).
snc/accept_insecure_r3int_rfc.

36

3. SNC SAP
0: RFC; 1: RFC-;
U: RFC-
,
. 3.6: SAP-.

3.2.16

snc/permit_insecure_start

,
SNC, .
4.0.
-, SNC ,
, SNC, .
- 0 ( SNC).
.
0: SNC-; 1: SNC-.

3.2.17

snc/force_login_screen

SNC-.
4.5.
-, SNC , SNC-
, .
- 0 (
).
.

3.2.

37

0:
; 1 X3 : .

3.2.18

rdisp/maximum_snc_hold_time

SNC-4 .
4.6C.
, SNC, SAP-
Hold .

. SNC-.
- 0 ( ).
.
0: ; >0: , .

3.2.19

login/disable_password_logon

,
5 .
4.6.
, .
snc/accept_insecure_gui , , SNC,
.
3

1, 4.6, 6.10, 6.20


, - X.
667470[12].
4
625823[11].
5
379081[9].

38

3. SNC SAP
- 0 ( ).
login/password_logon_usergroup.
0: ;
1:
, login/password_logon_usergroup.

3.2.20

login/password_logon_usergroup

, , 6 .
4.6.
, , , , login/
disable_password_logon 1.
- .
login/disable_password_logon.
SU01 ( Logon data, User group for authorization
check).

3.3

, SNC, SAP-
. SNC , .
,
. , .
6

379081[9].

3.3.

39

3.1I SNC RFC- CPIC-, snc/permit_insecure_comm 1.


, 4.0.
,
SNC.

3.3.1

snc/enable

SNC .
.
, , SNC, 1.
SNC :
(sapgw<nn>) (sapgw<nn>s),
.
, SNC
. , SNC-, snc/permit_insecure_start .
- 0 (SNC ).
snc/gssapi_lib, snc/permit_insecure_start.
0: SNC ; 1: SNC .

3.3.2

snc/gssapi_lib

. snc/gssapi_lib SAP-.
.

40

3. SNC SAP

3.3.3

snc/permit_insecure_start

,
SNC, .
snc/permit_insecure_start
SAP-.

3.3.4

gw/rem_start

CPIC-.
4.0.
SNC,
RFC- CPIC- SNC-. , ,
. ,
SNC.
4.0A 4.0B: REMOTE_SHELL
, gw/remsh , ..
4.5A: DISABLED .
- REMOTE_SHELL (
rsh remsh).
SNC.
REMOTE_SHELL: rsh
remsh; REXEC: rexec; DISABLED:
.

3.4

SAP-

4.0 SNC SAP- ( SPRO).

3.4. SAP-

41

SNC : Basis Components System Administration Management of External Security Systems Secure Network Communication. SO70
SIMG_BCSNC.
SNC- SNC-, SNC
SNC- . , ,
, SNC-
, .

3.4.1

(ACL)

, . ACL ACL.
3.4.1.1

ACL:
SNC SAP-.
SU01. 3.6: SAP-.
ACL SNC- ,
, SAP-
, . 2.3.2: .
ACL SU01, SM30 USRACL SNC .
3.6: SAP-.
ACL SNC RFC- CPIC- SM30
USRACLEXT.
3.6.2: SNC- .

42

3. SNC SAP
RFC- , SAP- RFC-:
S_RFC RFC-.
S_RFCACL RFC-.
(Authorization Info
System) SUIM, , .
- (Cross-application Authority Objects).

3.4.1.2

, SNC-, . ACL SNC0 SM30 VSNCSYSACL.


4.4.3: SAP- SAP.

3.4.2

, SNC, SAP-,
RFC- CPIC-.
3.4.2.1

SAPlpd

, SNC- , SPAD. 4.6: SNC: .


3.4.2.2

RFC

RFC
SNC:
RFC- SM59 RFC-. 4.4: SNC: RFC- SAP-.

3.5.

43

SNC- RFC-
SM30 RFCDESSECU SNC-. 4.4: SNC: RFC- SAP-.
3.4.2.3

CPIC

CPIC SNC:
CPIC- SM54 CPIC-. 4.5: SNC: CPIC- SAP-.
SNC- CPIC- SM30 TXCOMSECU SNC-.
4.5: SNC:
CPIC- SAP-.
3.4.2.4

, , :
SNC- SNC- SAP- ,
, RSUSR402.
, RSSNCCHK, SNC-
SAP-, SNC.
SNC- ,
SNC- . , , , SNC- ,
, .

3.5

, SAP, :

44

3. SNC SAP

(, ALE)


, SNC-. - . -
.

3.5.1

3.5.1.1


.
USRACL ( SNC- ) SM30.

USRACLEXT ( SNC- SNC-
RFC- CPIC-) SM30.
3.5.1.2
( SNC-
), SNC0 SM30 VSNCSYSACL E.
( I).

VSNCSYSACL. SM30
VSNCSYSACL.

3.6. SAP-

3.5.2

45


, SNC.
3.5.2.1

SAPlpd

SAP: BC Printing Guide Transporting Printers (Device Definitions)


Transporting a Device Type [2].
3.5.2.2

RFC

RFC- .
3.5.2.3

CPIC

CPIC- .

3.6

SAP-

SNC, , ,
, SNC- SAP-. , SAP- SAPgui
SNC, SNC- SAPgui SNC SAP-. , SAP- SNC-,
, ( ) . , SAP-,
, , .

SAP-.

3.6.1

SNC-

SAP-, SNC,

46

3. SNC SAP

SAP- SNC- .
/ :
SNC- SAP-. ,
SNC- .
, 4.5,
SNC- . , SNC- SAP.
4.5 (
snc/force_login_screen, 0) , SNC- SAP. SNC- ,
,
. 3.7: SAP-.

SNC, U snc/accept_insecure_gui.
SNC- :
1. SU01, .
2. SNC- SNC.
3.1.
3. SNC name SNC- .
4. Unsecure communication permitted SNC. ,
snc/accept_insecure_gui U.

3.6. SAP-

47

. 3.1. SNC- SAP-.

SAP- ACL ( USRACL) SNC- .


, Canonical
name determined.
USRACL SM30 , SNC-.

48

3. SNC SAP

3.6.2

SNC-

3.1 SNC RFC-


CPIC-, 4.0.
, , SNC,
RFC- CPIC-, SAP- SNC-
.
SU01 SNC-
RFC- CPIC-. ,
SU01 SNC- . ,
SNC- SAP-,
ACL ( USRACLEXT).
ACL ,
, SNC, WebRFC-.
SNC- SAP- SU01 .
SNC- SM30
USRACLEXT. ACL , :
, ACL.
SNC- ,
SAP- ,
.
USRACLEXT SM30 .
: SAP-,
SNC- , SNC-.
* SNC-. * , :
* , SNC-.
* SNC-, SNC.

3.7. SAP-

49

* , SNC, SNC-.
* ,
.

3.7

SAP-

4.5
SNC.
:
snc/force_login_screen 0.

.
snc/force_login_screen 1 X7 ,
.

667470[12].

50

3. SNC SAP

4

SNC
SNC SAP- .
, , . ,
SAProuter-,
, .
SAP-
SAP-.
SNC .
, .
, , .

4.1

SNC: SAPgui SAP-

SAPgui SAP-, SAPgui , SAP- .


, SAPgui 4.0.
SAPgui:
sapgui.exe,

52

4. SNC
SAP Logon,
SAP Shortcuts.

SNC-, SNC,
, .

4.1.1

SAPgui (sapgui.exe)

, , SNC,
SAPgui SAP-, SAPgui SNC-
,
sapgui.exe. .
4.1.1.1

SNC_PARTNERNAME

SNC- SAP-.
SNC- SAP .
- SNC-.
.
, ".
.
4.1.1.2

SNC_LIB

.
GSS-API V2 .
-
.
.
255 ,
". .
.

4.1. SNC: SAPgui SAP-


4.1.1.3

53

SNC_MODE

SNC.
, SNC.
- SNC_PARTNERNAME , 1, 0.
.
0: SNC ; 1: SNC .
.
4.1.1.4

SNC_QOP

.
SNC-.
- 3.
.
1: ; 2:
; 3: ; 8:
-; 9: .
.

4.1.2

SAPgui (SAP Logon)

SAP Logon SAPgui,


SNC- . SNC_LIB
.
, SNC- , Advanced. . . .
SNC-,
:

54

4. SNC

. 4.1. SNC- SAP Logon.

,
,
.
1 .
4.1.2.1

SAP Logon :
1

SAP (message server),


: sapms<SAPSID>
services.

4.1. SNC: SAPgui SAP-

55

1. News. . . .
2. Advanced. . . . Advanced options 4.1.
3. SNC-:
(a) Enable Secure Network Communication.
(b) SNC- SNC name.
(c) SNC-.
4.1.2.2

Server. . . SNC- .
SNC , SNC- SNC name.
4.1.2.3

Groups. . . SNC- .
, SNC , SNC. ,
SNC name , SNC-
. SAP-.

4.1.3

SAPgui (SAP Shortcuts)

SAP Shortcuts , SNC,


SAPgui 4.5. SAPgui .
SAP Logon. , SNC SAP
Shortcuts SNC .
SAP Shortcuts SAP-,

56

4. SNC

SAP Shortcuts, . SAP Shortcuts - . , SNC,


.
, SAP Shortcuts .
-2 .
SAPgui 4.6D3 SNC-
SAP Shortcuts.
4.1.3.1

SNC_NAME

SNC- .
SNC- .
- .
.
.
.

4.1.4

(SAP-)

SAP- SNC- SAPgui 3.2: 3.6: SAP-.

4.2

SNC: RFC-
SAP-

RFC- , SAP- .
, 4.0, RFC- SNC ,
SAP- 4.0.
2

SAPgui SAP Shortcuts . 146173.


3
103019.

4.2. SNC: RFC- SAP-

4.2.1

57

( )

SNC RFC- SAP-, SNC- saprfc.ini, SAP RFC.


SNC-
saprfc.ini. SAP RFC
4.9.2: RFC.
saprfc.ini
SAP- ( ). , WP1_SNC :
DEST=WP1_SNC
TYPE=A
ASHOST=mysapcom
SYSNR=01
SNC_MODE=1
SNC_PARTNERNAE=p:CN=sap01.mysapcom, OU=IT, O=HOME, C=RU
SNC_LIB=/sapmnt/WP1/profile/exe/sncnetc.so
SAP-
mysapcom 01. SNC- :
p:CN=sap01.mysapcom, OU=IT, O=HOME, C=RU
:
/sapmnt/WP1/profile/exe/sncnetc.so
SNC-,
RFC- SAP-.
4.2.1.1

SNC_PARTNERNAME

SNC- SAP-.
SNC- SAP-.
- SNC-.
.
.

58

4. SNC

4.2.1.2

SNC_LIB

.
GSS-API V2 .
-
.
.
.
.
4.2.1.3

SNC_MODE

SNC.
, SNC.
- .
.
0: SNC ; 1: SNC .
4.2.1.4

SNC_QOP

.
SNC-.
- 3.
.
1: ; 2:
; 3: ; 8:
-; 9: .

4.2. SNC: RFC- SAP-


4.2.1.5

59

SNC_MYNAME

SNC- RFC-.
SNC- RFC-.
- .
.
.

4.2.2

(SAP-)

SAP- ,
SNC, RFC-, 3.2:
.
RFC- . , SNC, , SNC-. , SAP 4.0 4.5, SNC ,
.

4.2.3

RFC-, , RFC- SNC,


.
SNC.
1. SNC- SNC-
, SAP-
RFC-
.
2. , SAP- USRACLEXT
SNC-, .
, SAP- RFC-
.

60

4. SNC
3. , SAP- USRACLEXT
, *
SNC-. , SAP- . , SAP- , SNC, .
4. , SAP- USRACLEXT SNC-, * . , SAP-
. , SAP- , SNC, .
5. , SAP- USRACLEXT , * SNC-, * . , SAP- . ,
SAP- , SNC, .
6. , SAP- RFC.

4.3

SNC: CPIC-
SAP-

CPIC- , SAP- .
, 4.0, CPIC-
SNC , SAP- 4.0.

4.3.1 ( )
SNC CPIC- SAP-, SNC-
sideinfo, SAP CPIC. SNC- sideinfo.
SAP CPIC
4.9.1: CPIC.

4.3. SNC: CPIC- SAP-

61

SNC-,
CPIC- SAP-.
4.3.1.1

SNC_PARTNERNAME

SNC- SAP-.
SNC- SAP-.
- SNC-.
.
255 .
4.3.1.2

SNC_LIB

.
GSS-API V2 .
-
.
.
255 .
.
4.3.1.3

SNC_MODE

SNC.
, SNC.
- .
.
0: SNC ; 1: SNC .

62

4. SNC

4.3.1.4

SNC_QOP

.
SNC-.
- 3.
.
1: ; 2:
; 3: ; 8:
-; 9: .
4.3.1.5

SNC_MYNAME

SNC- CPIC-.
SNC- CPIC-.
- .
.
255 .
4.3.1.6

GWSERV

CPIC-.
, CPIC-. , SNC,
.
- ??.
??.
.
sapgw<nn>: ; sapgw<nn>s:
.

4.3. SNC: CPIC- SAP-

4.3.2

63

(SAP-)

SAP- ,
SNC, CPIC-, 3.2: .

4.3.3

CPIC-, , CPIC- SNC,


. , RFC (. 4.3.3: ).
CPIC- CPIC SAP-.

64

4. SNC

4.4

SNC: RFC-
SAP-

, 4.0, RFC- SNC ,


SAP- 4.0.
SNC- RFC- SAP-
SNC- RFC-.
SM59, SM30
RFCDESSECU.
SM59.
SM59 RFC-:
R/2-
R/3-


(TCP/IP-)
SNC- (SAP-)
.
, .

4.4.1

RFC- SNC- SM59

SNC- RFC-, :
SNC

SNC-
SNC- (SNC- , , , -) (.
3.2: ).

4.4. SNC: RFC- SAP-

65

, RFC- (Activation
type = Start ) , :
,
SNC- SNC-.
, SNC-
SNC- .
SNC- RFC:
1. SM59 RFC-
Change ( 4.2).
2. SNC, SNC Activ.
3. SNC-: Destination SNC Options ( 4.3).
4. QOP .
5. ( ),
SNC- .
6. .
:
RFC- , snc/data_protection/min , snc/
data_protection/max .
RFC- , , .
RFC- 8,
, snc/data_protection/use
.

66

4. SNC

. 4.2. SNC RFC-.

RFC- 9,
, snc/data_protection/max
.

4.4. SNC: RFC- SAP-

67

. 4.3. SNC- RFC-.

4.0A.
C: 3.1G/H 4.0A.

4.4.2

SAP- R/2

SNC- R/2 .

4.4.3

SAP- SAP-

,
SNC, SAP-.

68

4. SNC

4.4.3.1

(SAP-)

SNC-
SM59. 4.4.1: RFC- SNC SM59.
:
, SNC-
SNC names ( 4.3).
,
, .
-
SNC- SAP
SNC-.
SNC- Msg. Server ( 4.4).
4.4.3.2

(SAP-)

, SAP-
RFC- SAP-,
- ACL . SNC0
, RFC. ACL 4.5.
, :
, SNC0
( E). ( I) SNC0.
RFC- SAP- (.. RFC-
SM59 R/3 connections),

.

4.4. SNC: RFC- SAP-

69

. 4.4. SNC- RFC- .

4.4.3.3

, SNC, RFC-
SAP-, SNC. SNCSYSACL , , RFC-
SAP-.
, ,
.

70

4. SNC

. 4.5. ACL RFC- SAP-.

4.4.4

SAP-
RFC- ( I), .
SNCSYSACL.
.
SNC
RFC- (. 2.6: ).
SNC RFC-,

4.4. SNC: RFC- SAP-

71

snc/r3int_rfc_secure snc/r3int_rfc_qop
SAP-. ,
RFC-.
, RFC-, SNC,
SNCSYSACL.

4.4.5

, , . , SNC- SNC .

4.4.6

TCP/IP

RFC-, RFC- , .
, RFC- TCP/IP- .
. SNC , ,
RFC-, SNC-.
SAP- ,
RFC- .
4.4.6.1

(SAP-)

SNC-
SM59. 4.4.1: RFC- SNC SM59.
4.4.6.2

( )

SNC- , . :

72

4. SNC
SNC SNC
SNC-
SM59 .

snc/
gssapi_lib .
SNC- SAP- SNC-
RFC-. RFC- - ,
, .

4.4.7

TCP/IP

RFC- , , , .
RFC, TCP/IP-
, SAP- , RFC- .
4.4.7.1

(SAP-)

SNC-
SM59. 4.4.1: RFC- SNC SM59.
, RFC-, RFC- .
, SAP- ,
4.4.6: TCP/IP . SNC-, RFC-,
SNC- .
4.4.7.2

( )

SNC- , .
:

4.4. SNC: RFC- SAP-

73

SNC SNC
SNC-
SM59 .


.
snc/gssapi_lib .
SNC- SNC- RFC- RFC RFC- .
RFC- RFC-. RFC-
.
4.4.7.3

, SNC, 3.3:
.
:
, SNC ( snc/enable 1), ( snc/gssapi_lib).
-, SNC.
SNC-, snc/permit_insecure_start
1.
SNC
RFC- .
3.3: .
RFC- , ,
, snc/gssapi_lib
,
.

74

4. SNC

4.4.8

TCP/IP
SAPgui

, SAPgui,
, SAP.
RFC, TCP/IP-
SAPgui, SAP- , RFC- .
4.4.8.1

(SAP-)

SNC-
SM59. 4.4.1: RFC- SNC SM59.
RFC- , SAPgui,
, SNC, , SAP- SNC.
, RFC- SNC-.
4.4.8.2

( )

SNC- , SAPgui. :
SNC SNC
SNC-
SM59 , ,
SNC- .

SAPgui (SNC_LIB).
SNC- SNC- RFC-
SAPgui4 .
4

,
, .

4.4. SNC: RFC- SAP-

4.4.9

75

TCP/IP

. . .
4.4.9.1

(SAP-)

. . .
4.4.9.2

( )

. . .
4.4.9.3

SNC

. . .
4.4.9.4

. . .

4.4.10 SM51
SAP-
SM51,
RFC-. ,
SNC, snc/r3int_rfc_secure 1.

4.4.11

SM59

. . .

4.4.12
. . .
4.4.12.1 BACK
. . .

76

4. SNC

4.4.12.2

NONE

NONE , . SNC
, NONE SNC (. snc/r3int_rfc_secure).

4.4.13

RFCDES-

RFCDES SNC.

4.4.14

RFC-

RFC- SAP- .
RFC- ,
CALL FUNCTION ... DESTINATION IN GROUP ...
.
SNC- RFC-.

4.5. SNC: CPIC- SAP-

4.5

77

SNC: CPIC-
SAP-

. . .

78

4. SNC

4.6

SNC:

, SNC,
SAP- SAPlpd.
SAPlpd ( S), spool , SAPlpd .

4.6.1

(SAP-)

SAP-
SPAD. SPAD
.
Access method Host spool access method S. Do not query host spooler. . . 4.6.
Security Degree of security . Backup mode
SNC- . SNC-
Identity of the remote SAPlpd. . .
4.7.

4.6.2

( SAPlpd)

SNC SAPlpd
win.ini saplpd.ini5 .
[SNC].
4.6.2.1

gssapi_lib

.
GSS-API V2 .
-
.
5

saplpd.ini 4.10. SAPlpd saplpd.ini, win.ini.

4.6. SNC:

79

. 4.6. : S.

. SAPlpd SNC_LIB , gssapi_lib


.

255 .
.

80

4. SNC

. 4.7. : SNC-.

4.6.2.2

enable

SNC.
SNC.
- .
.
0: SNC ; 1: SNC .

4.6. SNC:
4.6.2.3

81

identity/lpd

SNC- SAPlpd.
SNC- SAPlpd.
.
- .
. 2.3.2: .

4.6.3

SNC- SAPlpd

SNC- SAPlpd
SNC. :
1. Options Secured Connection.
4.8.

. 4.8. SAPlpd: SNC-.

2. SAP Security Library.


Backup
Mode SPAD ( 4.7):

82

4. SNC
Do not use .
Use if possible SNC-
.
Use always ,
SNC, .
3. Quality of protection. , SAP-.
4. SAPlpd Add
new connection. 4.9.
5. Accept every authenticated connection ,
SNC- . , SNC-
Last authenticated connection initiator
Authorize.

,
saplpd.ini, win.ini
SAPlpd.

4.6. SNC:

. 4.9. SAPlpd: SNC-.

83

84

4. SNC

4.7

SNC: SAProuter SAProuter

SAProuter ,
- SAP. SAProuter .
SAProuter 4.10.

. 4.10. SNC- SAProuter.

SAProuter- SNC. SNC,


SAProuter . , , , SNC.
SAProuter , ,
SNC.
SNC- SAProuter,
:
SNC- .
SNC- (route permission
table) .

4.7. SNC: SAProuter SAProuter

4.7.1

85

SNC-

, SNC- SAProuter
:
1. SNC_LIB,
.
2. SAProuter -K <SNC->,
<SNC-> SNC SAProuter.

4.7.2

SNC:
1. KT- , SAProuter SAProuter,
SNC.
2. KP-, KD- KS- , , SNC, .
P-, D- S-, .
4.7.2.1

KT-

, SAProuter , SNC,
KT-, :
KT <SNC- > < > < >
:
<SNC- > SNC- .
< > IP- .
< >
.
* SNC-
.
, , KT-
P-, D-, S-.

86

4. SNC

4.7.2.2

KP-, KD- KS-

SNC- P-,
D-, S-, KP-, KD-, KS- .
, , IP- SNC-. ,
:
K<D/P/S> "<SNC- >" < >
< > <>
SAProuter (KP-, KS-) (KD-) , .

4.7.3

SNC- SAProuter SAProuter .

4.7.4

SNC

, SNC,
SAProuter. host1,
host2. , SAP- mysapcom 00.
SNC- :
p:CN=sr1, OU=IT, O=HOME, C=RU
SNC- :
p:CN=sr2, OU=IT, O=HOME, C=RU
:
# SNC host2
KT "p:CN=sr1, OU=IT, O=HOME, C=RU" host2 *
#
P * * *

4.7. SNC: SAProuter SAProuter

87

:
# sr1
#
mysapcom sapdp00
KP "p:CN=sr1, OU=IT, O=HOME, C=RU" mysapcom sapdp00
# sr1
#
mysapcom sapgw00
KP "p:CN=sr1, OU=IT, O=HOME, C=RU" mysapcom sapgw00
:
saprouter -r -K "p:CN=sr1, OU=IT, O=HOME, C=RU"
:
saprouter -r -K "p:CN=sr2, OU=IT, O=HOME, C=RU"

88

4. SNC

4.8

SNC: ITS SAP-

4.5B SNC-
SAP ITS (WGate AGate) SAP.
, SNC, 4.11.

. 4.11. SNC- ITS.


SNC SAP ITS :
WGate AGate
AGate
, AGate
WGate SAP-.

4.8.1

(ITS WGate)

, WGate AGate SNC, SNC-,


WEB-. WGate.trc.
, SNC_LIB, Win32-. :

4.8. SNC: ITS SAP-

89

HKLM\SOFTWARE\SAP\its\2.0\< ITS>\Programs\
Connects
HKLM\SOFTWARE\SAP\its\2.0\< ITS>\Programs\
WGate\environment
< ITS> WGate.
SNC_LIB ,
.
SAP ITS 4.6D WGate wgate.conf.
4.8.1.1

SNC_LIB

.
GSS-API V2 .
255 .
.
.
4.8.1.2

Type

.
WGate AGate. , SNC, 2
(NI-SNC).
0: Sockets; 1: SAP NI; 2: SAP NI-SNC.
, wgate.conf.
4.8.1.3

SncNameAGate

SNC- AGate.
SNC- AGate.
.
, wgate.conf.

90

4. SNC

4.8.1.4

SncNameWGate

SNC- WGate.
SNC- WGate.
.
, wgate.conf.

4.8.2

(ITS AGate)

, WGate AGate
SNC, SNC-, ITS Manager. AGate.trc
Mmanager.trc.
, SNC_LIB, Win32-. :
HKLM\SOFTWARE\SAP\its\2.0\< ITS>\Programs\
Connects
HKLM\SOFTWARE\SAP\its\2.0\< ITS>\Programs\
AGate\environment
< ITS> AGate.
SNC_LIB ,
.
4.8.2.1

SNC_LIB

.
GSS-API V2 .
255 .
.
.

4.8. SNC: ITS SAP-


4.8.2.2

91

Type

.
WGate AGate. , SNC, 2
(NI-SNC).
0: Sockets; 1: SAP NI; 2: SAP NI-SNC.
.
4.8.2.3

SncNameAGate

SNC- AGate.
SNC- AGate.
.
.
4.8.2.4

SncNameWGate

SNC- WGate.
SNC- WGate.
.
.

4.8.3

(ITS AGate)

, AGate
SNC, SNC- AGate.
global.srvc - (Internet Application Component, IAC).
.

92

4. SNC

4.8.3.1

sncNameAGate

SNC- AGate.
SNC- AGate.
. ,
SNC-, WGate ( SncNameAGate).
.
IAC.
4.8.3.2

sncNameR3

.
SAP-. SNC
AGate .
.
IAC.
4.8.3.3

sncQoPR3

SNC-.
SNC-
AGate SAP-.
1: ; 2:
; 3: ; 9:
, snc/data_protection/max
.
IAC.

4.8. SNC: ITS SAP-

4.8.4

93

(SAP-)

, AGate SAP SNC, SNC


. SNC- SAP-
3.2: .
AGate ACL
SAP-. SM30
VSNCSYSACL ( E):
1. SNC name SNC- AGate. System ID

.
2. Entry for RFC activated Entry for CPIC activated .
WebRFC,
ACL ( USRACLEXT).
ACL 3.6.2: SNC- :
1. * User.
2. SNC name SNC- Agate.

94

4. SNC

4.9

SAP C: CPIC- RFC-.

4.9.1

CPIC

. . .

4.9.2

RFC

SNC- RFC-
saprfc.ini . RFC-
SNC ( 4.4.6, 4.4.7, 4.4.8, 4.4.9).
SNC- RFC-: RfcOpenEx.
4.1 RFC-, SNC.

RfcOpenEx

RFC-

RfcSncMode

SNC

RfcSncPartnerName

SNC-

RfcSncPartnerAclKey

SNC-

RfcSncNameToAclKey

SNC-

RfcSncAclKeyToName

SNC-

4.1. RFC API, SNC.


RFC (RFC SDK), saprfc.hlp.

A
SNC-
,
SNC.

USRACL

SNC-,
SAP-. ,
SNC ( SAPgui CPIC RFC-).

USRACLEXT

SNC-,
SAP-. (CPIC- RFC-). ,
SNC CPIC- RFC-.

SNCSYSACL

SNC-
, SNC, .

A.1. , .

96

A. SNC-

RFCDES

RFC-,
SNC .

RFCDESSECU

SNC- RFC-.

TXCOM

CPIC-,
SNC .

TXCOMSECU

SNC- CPIC-.

A.2. , .

B
SNC-
SNC-,
SAP-.

RSSNCCHK

SNC-

RSSNC40A

SNC- USR15 3.1 USRACL 4.0.

RSSNCSRV

SNC-

RSUSR300

SNC-

RSUSR402

B.1. SNC-.

98

B. SNC-

C
3.1G/H
4.0A
3.1G/H 4.0A .
.

C.1

snc/data_protection/max

snc/data_protection/max .
, SNCERR_OVERSECURE
.

C.2

snc/data_protection/min,
snc/data_protection/use snc/data_protection/max 2.
1, 2. 1 ,

.

100

C. 3.1G/H 4.0A


[1] SAP ICC , , BC-SNC.
http://www.sap.com/partners/icc/
http://www.sap.com/partners/icc/scenarios/
technology/bc-snc.asp
[2] SAP: Printing Guide
SAP R/3 4.6C: Basis Components Computing Center Management
System SAP Printing Guide
[3] SAP: SAProuter
SAP R/3 4.6C: Basis Components Client/Server Technology
SAProuter
[4] SAP: Internet Transaction Server
SAP R/3 4.6C: Basis Components Frontend Services ITS /
SAP@Web Studio
[5] SAP: RFC API
SAP R/3 4.6C: Basis Components Communication Interfaces
Remote Communications
[6] 66687: Use of network security products.
[7] 149646: During maintenance with RZ10 SNC profile parameter
warning.
[8] 184277: Length Limitation of SNC-Names.

102

[9] 379081: Optional deactivation of the password logon.


[10] 396983: EM/MAX SIZE MB not maintainable in RZ10 and RZ11.
[11] 625823: SNC connections may block work processes for a long
time.
[12] 667470: snc/force login screen = 1 shows no impact.


AGate.trc, 90
global.srvc, 91
GSS-API V2, 13, 16, 17, 28
Mmanager.trc, 90
sapdp<nn>, 22
sapgw<nn>, 23, 39
sapgw<nn>s, 23, 39
saplpd.ini, 78, 82
sapms<SAPSID>, 54
saprfc.hlp, 94
saprfc.ini, 57, 94
SNC-, 1415
SNC_LIB, 13, 21
SNC_MODE, 21
SNC_MYNAME, 21
SNC_PARTNERNAME, 21
SNC_QOP, 21
SNCERR_INIT, 28
SNCERR_OVERSECURE, 99
wgate.conf, 89
WGate.trc, 88
win.ini, 78, 82
, 10
, 14
, 13

SNC, 1415
X.500, 18
, 14

, 15
, 15

SNCERR_INIT, 28
SNCERR_OVERSECURE, 99
, 1011
, 1314

RSSNC40A, 97
RSSNCCHK, 43, 97
RSSNCSRV, 25, 97
RSUSR300, 19, 97
RSUSR402, 43, 97

CPIC
GWSERV, 62
SNC_LIB, 61
SNC_MODE, 61
SNC_MYNAME, 62
SNC_PARTNERNAME, 61
SNC_QOP, 62
ITS AGate
sncNameAGate, 92
sncNameR3, 92
sncQoPR3, 92
SNC_LIB, 90
SncNameAGate, 91
SncNameWGate, 91
Type, 91
ITS WGate
SNC_LIB, 8889

104


SncNameAGate, 89
SncNameWGate, 90
Type, 89
RFC
SNC_LIB, 58
SNC_MODE, 58
SNC_MYNAME, 59
SNC_PARTNERNAME, 57
SNC_QOP, 58
SAP Shortcuts
SNC_NAME, 56
SAPgui
SNC_LIB, 52, 74
SNC_MODE, 53
SNC_PARTNERNAME, 5253
SNC_QOP, 53
SAPlpd
enable, 80
gssapi_lib, 7879
identity/lpd, 81
SAProuter
KD-, 8586
KP-, 8586
KS-, 8586
KT-, 85

login/disable_password_logon, 38
login/disable_password_logon, 27,
3738
login/password_logon_usergroup, 27,
38
rdisp/maximum_snc_hold_time, 27,
37
snc/accept_insecure_cpic, 26, 27,
33
snc/accept_insecure_gui, 37, 46
snc/permit_insecure_comm, 3233
snc/accept_insecure_gui, 22, 26, 27,
34
snc/accept_insecure_r3int_rfc, 27,
32, 35

snc/accept_insecure_rfc, 26, 27, 32,


3536
snc/data_protection/max, 27, 29
32, 65, 66, 92, 99
snc/data_protection/min, 27, 30
32, 65, 99
snc/data_protection/use, 27, 30
32, 65, 99
snc/enable, 2628
snc/force_login_screen, 27, 3637,
46, 49
snc/gssapi_lib, 2629, 72
snc/identity/as, 2629
snc/permit_insecure_comm, 27
snc/permit_insecure_gui, 27, 34
snc/permit_insecure_start, 27, 36,
40
snc/r3int_rfc_qop, 27, 32, 71
snc/r3int_rfc_secure, 22, 27, 31
32, 35, 71, 75, 76
snc/user_maint, 2728

gw/rem_start, 40
gw/remsh, 40
snc/permit_insecure_comm, 39
snc/enable, 39, 73
snc/gssapi_lib, 39, 73
snc/permit_insecure_start, 3940,
73

48<nn>, 23
sapdp<nn>, 22
sapgw<nn>, 23, 39
sapgw<nn>s, 23, 39
sapms<SAPSID>, 54
SAProuter, 22
(ACL)
, 4142, 44, 47
49, 93
, 42, 44, 68, 93


RFCDES, 76, 96
RFCDESSECU, 64, 96
SNCSYSACL, 6971, 95
TXCOM, 96
TXCOMSECU, 43, 96
USR15, 97
USRACL, 41, 44, 47, 95, 97
USRACLEXT, 41, 44, 48, 59, 60,
93, 95
VSNCSYSACL, 42, 44, 93

RZ10, 26
SM30
RFCDESSECU, 43, 64
TXCOMSECU, 43
USRACL, 41, 44, 47
USRACLEXT, 41, 44, 48
VSNCSYSACL, 42, 44, 93
SM51, 75
SM54, 43
SM59, 42, 6468, 7174
SNC0, 42, 44, 68
SO70
SIMG_BCSNC, 41
SPAD, 42, 78, 81
SPRO, 40
SU01, 28, 38, 41, 46, 48
SUIM, 42
, 10, 15

, 10
, 1011
, 10

AGate.trc, 90
global.srvc, 91
Mmanager.trc, 90
saplpd.ini, 78, 82
saprfc.hlp, 94
saprfc.ini, 57, 94
wgate.conf, 89

105
WGate.trc, 88
win.ini, 78, 82
, 10