Dear All,
There is a kerberos based Secure Login Library implementation on Windows 2008. Basis version 7.31 SP8, Kernel 7.21EXT 129
sapgenpse keytab -p SAPSNCSKERB.pse -x password -y passwordofssoaccount -a SSOAccount
sapgenpse seclogin -p SAPSNCSKERB.pse -x password -O Serviceaccount
has been implemented
when I activate SNC on SAP logon and I wanto to login I can see Following error:
In Workprocess trace file:
N *** ERROR => SPNegoLib: ERROR(0xA0100207) in CRYPT->sec_crypt_cipher_all(): Decryption error, invalid padding decrypted
[BASE sec_crypt_cipher_all] [spnego.c 2447]
N {root-id=0050568F033D1EE389EE03F8014C2948}_{conn-id=00000000000000000000000000000000}_0
N *** ERROR => SPNegoLib: ERROR(0xA0100207) in CRYPT->credCipher(): Decryption error, invalid padding decrypted
[BASE credCipher] [spnego.c 2447]
N {root-id=0050568F033D1EE389EE03F8014C2948}_{conn-id=00000000000000000000000000000000}_0
N *** ERROR => SPNegoLib: ERROR(0xA0100207) in CRYPT->sec_oldpse_decryptCred(): Decryption error, invalid padding decrypted
[BASE sec_oldpse_decryptCred] [spnego.c 2447]
N {root-id=0050568F033D1EE389EE03F8014C2948}_{conn-id=00000000000000000000000000000000}_0
N *** ERROR => SPNegoLib: Srv-80000000: Client hello parameters: no key exchange algorithm fits server preferences. [GSS analyze_cl
N {root-id=0050568F033D1EE389EE03F8014C2948}_{conn-id=00000000000000000000000000000000}_0
N *** ERROR => SPNegoLib: Srv-80000000: < Msg ClientHello process failed : errval=d0000, minor_status=a220021e [GSS messa
N {root-id=0050568F033D1EE389EE03F8014C2948}_{conn-id=00000000000000000000000000000000}_0
keytab is stored in SAPSNCSKERB.pse:
SPNEGO works for WebGUI.
PS. Exactly the same configuration works properly on Prod environment ( please do not send that SAP/SAPService<SID> is the mandatory format because SAP/KerberosSID also works on many systems with NW SSO 2.0 )
Thanks in advance for your help.
Zsolt