HPE Community
Operating System - HP-UX
1826794 Members
1645 Online
109703 Solutions
New Discussion

SAP SSO WITH UNIX AND WINDOWS 2003

 
tarunn
Occasional Contributor

‎06-26-2009 04:22 AM

‎06-26-2009 04:22 AM

SAP SSO WITH UNIX AND WINDOWS 2003

Hi ,

We are having 6 Unix servers on which we have SAP running. We are using Windows 2003 ADS.Using kerberos we want to have SSO.

I am getting the below error:

pamkrbval -a ia64 -v

Validating the pam configuration files
---------- --- --- ------------- -----

Validating the /etc/pam.conf file
[LOG] : The /etc/pam.conf files permissions are fine
[LOG] : Opened : /etc/pam.conf

ERROR: File Not found : /usr/lib/security/hpux64/libpam_krb5.so.debug
[NOTICE] : Problem with the following line in the file /etc/pam.conf
login auth required libpam_krb5.so.debug

[FAIL] : The validation of config file: /etc/pam.conf failed

[NOTICE] : The validation of config file: /etc/pam_user.conf is not done
as libpam_updbe library is not configured

Validating the kerberos config file
---------- --- -------- ------ -----
[PASS] : Initialization of kerberos passed

Connecting to default Realm
---------- -- ------- -----
[LOG] : The default realm is : SCIDEV.COM
[LOG] : KDC hosts for realm SCIDEV.COM :DQE_INF_DC1.SCIDEV.COM
[LOG] : Trying to contact KDC for realm SCIDEV.COM...
[LOG] : Realm SCIDEV.COM is answering ticket requests
[PASS] : Default Realm is issuing tickets

Validating the keytab entry for the host service principal
---------- --- ------ ----- --- --- ---- ------- ---------
[LOG] : Host DQESAP04, aka DQESAP04.
[LOG] : The default keytab name is : /etc/krb5.keytab
[LOG] : Keytab file /etc/krb5.keytab is present
[LOG] : Permissions on /etc/krb5.keytab are correct.
[LOG] : Key table entry not found while getting the keytab entry from /etc/krb5.keytab
[LOG] : Checking whether host service principal is present on the KDC
[LOG] : Pinging KDC to verify whether host/dqesap04@ exists
[WARNING] : host/dqesap04@ found on KDC but not found in keytab file
[WARNING] : The keytab validation had warnings

Validating the rc_host file for ownership
-------- ------ ---- -------- ------ -----
[LOG] : rc_host file /usr/tmp/rc_host_0 is not present on the system
[PASS] :The Validation of rc_host file:/usr/tmp/rc_host_0 is successful
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎06-26-2009 06:10 AM

‎06-26-2009 06:10 AM

Re: SAP SSO WITH UNIX AND WINDOWS 2003

Shalom,


pamkrbval -a ia64 -v


this output indicates that krb5 software is nor present or that the pam configuration needs to be changed.

I would update pam software to the latest available version from http://software.hp.com and test the pam configuration changes being recommended.

There may be dependencies that require update.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
SUDHAKAR_18
Trusted Contributor

‎07-01-2009 09:43 PM

‎07-01-2009 09:43 PM

Re: SAP SSO WITH UNIX AND WINDOWS 2003

Hi Tarun,

Please list the files under /usr/lib/security/hpux64

and also send /etc/pam.conf

Regards,
Sudhakar
0 Kudos
Reply
tarunn
Occasional Contributor

‎07-02-2009 03:20 AM

‎07-02-2009 03:20 AM

Re: SAP SSO WITH UNIX AND WINDOWS 2003

Dear Sudhakar,

Now I am getting the following error after configuring pam.conf and pam_user.conf file.


Validating the pam configuration files
---------- --- --- ------------- -----

Validating the /etc/pam.conf file
[LOG] : The /etc/pam.conf files permissions are fine
[LOG] : Opened : /etc/pam.conf

[PASS] : The validation of config file: /etc/pam.conf passed


Validating the /etc/pam_user.conf file
[LOG] : The /etc/pam_user.conf files permissions are fine
[LOG] : Opened : /etc/pam_user.conf

[PASS] : The validation of config file: /etc/pam_user.conf passed

Validating the kerberos config file
---------- --- -------- ------ -----
[PASS] : Initialization of kerberos passed

Connecting to default Realm
---------- -- ------- -----
[LOG] : The default realm is : SCIDEV.COM
[LOG] : KDC hosts for realm SCIDEV.COM :DQE_INF_DC1.SCIDEV.COM
[LOG] : Trying to contact KDC for realm SCIDEV.COM...
[LOG] : Realm SCIDEV.COM is answering ticket requests
[PASS] : Default Realm is issuing tickets

Validating the keytab entry for the host service principal
---------- --- ------ ----- --- --- ---- ------- ---------
[LOG] : Host DQESAP04, aka DQESAP04.
[LOG] : The default keytab name is : /etc/krb5.keytab
[LOG] : Keytab file /etc/krb5.keytab is present
[WARNING] : Permissions on /etc/krb5.keytab are incorrect.
[HELP] : Use 'chmod 0600 /etc/krb5.keytab '
[FAIL] : The keytab validation failed

Validating the rc_host file for ownership
-------- ------ ---- -------- ------ -----
[LOG] : rc_host file /usr/tmp/rc_host_0 is not present on the system
[PASS] :The Validation of rc_host file:/usr/tmp/rc_host_0 is successful
0 Kudos
Reply
SUDHAKAR_18
Trusted Contributor

‎07-02-2009 11:29 PM

‎07-02-2009 11:29 PM

Re: SAP SSO WITH UNIX AND WINDOWS 2003

[WARNING] : Permissions on /etc/krb5.keytab are incorrect.
[HELP] : Use 'chmod 0600 /etc/krb5.keytab '


please check the permissions of /etc/krb5.keytab file.
0 Kudos
Reply
SUDHAKAR_18
Trusted Contributor

‎07-03-2009 12:13 AM

‎07-03-2009 12:13 AM

Re: SAP SSO WITH UNIX AND WINDOWS 2003

also check this.....
http://docs.hp.com/en/5991-7718/ch04s04.html
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.