Hello Team
We are in process to implement SAP NW SSO using Kerberos in our SAP environment. I am looking for recommendation on some of the setup requirement in following scenarios
SAP Production CI + 10 Application Server
1. Service user id - I understand everyone recommend to create service id for each SAP instance to reduce the impact with service id credentials issues.
- But anyone have tried to create Service user id for each Production Application server for single Production. For e.g. - 10 SAP Application servers will have 10 service id but one SPN. With this setup, we have to create separate SAPSNCKERB.pse for each application server.
2. We are sharing the Kernel directory but not "SEC". Each application server has /usr/sap/SID/D<Instance no>/sec ( /usr/sap/ABC/D00/sec)
- Should we create Kerberos Keytab PSE for one server and copy them to rest of in "secudir" path.
3. Should we setup SNC parameters in Default or Instance profile ( we are not using SNCWIZARD but I have noticed SAP updated all SNC in default if I use the Wizard)
Let me know if you have any further recommendation.
Thank you
Santosh.