Hi guys,
in theory i would guess this is possible but does someone ever tested this?
Situation: Secure Login Library 2.0 or CCL on a SAP ABAP backend system. The system is configured for Kerberos and X.509 based SNC. As Server identity (snc/identity/as) the X.509 DN of the SNC certificate is used. The system is used by multiple customers. some have a SSO license and installed the Secure Login Client 2.0 thus can use SNC/SSO based login using X.509 certs or Kerberos.
An other customer only wants to have SNC encryption, but not SSO. Now I would think it is sufficient to install the SAP GUI add-on delivered by the SNC Client Encryption on the client. Technically as we know, its based on Kerberos so all required service users and SPNs within the customers AD are created and the corresponding keytab is available on the AS ABAP (SAPSNCSKERB.pse). In addition saplogon.ini on the client is modified with the SNC-Name of the Server (SPN).
I would mean there is nothing special to consider on the backend, in order to mix both technologies, or?
Please let me know your opinions
Gruß,
Carsten