
SAP Netweaver SSO 2.0 - keytab lifetime

Former Member

Hi,

just a short question.

Do we need to update the keytab file (SAPSNCSKERB.pse) with crontab

../SLL/sapgenpse keytab -p SAPSNCSKERB.pse -a USER@DOMAIN.ORG -nopsegen -y " "

like we have to do it in the old SNC connection method (kinit -k planned in the crontab)? Or is it enough to build the PSE one time?

Are there tickets that will expire?

sapgenpse keytab -p SAPSNCSKERB.pse -nopsegen

#############################################################################
License Disclaimer SAP NetWeaver Single Sign-On
You are about to configure trust for single sign-on or SNC Client Encryption.
Please note that for single sign-on you require a license for
SAP NetWeaver Single Sign-On.
As exception, the usage of SNC Client Encryption only without SSO is free
as described in SAP Note 1643878.
#############################################################################
keytab: Found keyTab entries in PSE.
keytab: KeyTab content stored:
    Version  Time stamp                 KeyType   Kerberos name
          1  Fri Dec 12 09:43:16 2014   DES       USER@DOMAIN.ORG
          1  Fri Dec 12 09:43:16 2014   AES128    USER@DOMAIN.ORG
          1  Fri Dec 12 09:43:16 2014   AES256    USER@DOMAIN.ORG
          1  Fri Dec 12 09:43:16 2014   RC4       USER@DOMAIN.ORG

greetings

Oliver

Accepted Solutions (1)

Former Member

Hello,

You need to update the keytab in the PSE file if you change the password of the service principal user on the Active Directory domain, that's all.

What you see is the generation time of the Kerberos keys, but they are valid indefinitely.

The Kerberos service tickets have lifetimes, but they will be generated on a per-SNC-session basis.

best regards

Alexander Gimbel
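
An added example (not part of the original thread and not SAP's own tooling): a Python check that parses the keytab listing shown in the question and flags keys generated before the service principal's last password change, the one condition under which the answer above says the keytab in the PSE must be updated. The function names are hypothetical, and the password-change time is an assumed input the operator supplies (for example from the account's pwdLastSet value in Active Directory), in the same local time as the listing.

```python
from datetime import datetime

# Constructed sample input: the listing format printed by
# `sapgenpse keytab -p SAPSNCSKERB.pse -nopsegen`, as shown in the question.
SAMPLE_LISTING = """\
keytab: Found keyTab entries in PSE.
keytab: KeyTab content stored:
    Version  Time stamp                 KeyType   Kerberos name
          1  Fri Dec 12 09:43:16 2014   DES       USER@DOMAIN.ORG
          1  Fri Dec 12 09:43:16 2014   AES128    USER@DOMAIN.ORG
          1  Fri Dec 12 09:43:16 2014   AES256    USER@DOMAIN.ORG
          1  Fri Dec 12 09:43:16 2014   RC4       USER@DOMAIN.ORG
"""


def parse_keytab_listing(text):
    """Return one dict per key row; banner and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        # A key row has 8 tokens: version, 5 timestamp tokens, key type, principal.
        if len(parts) != 8 or not parts[0].isdigit():
            continue
        try:
            created = datetime.strptime(" ".join(parts[1:6]),
                                        "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # not a timestamp, so not a key row
        entries.append({"version": int(parts[0]), "created": created,
                        "keytype": parts[6], "principal": parts[7]})
    return entries


def stale_entries(entries, principal, password_changed):
    """Keys for `principal` generated before its last password change.

    Assumption: `password_changed` is a naive datetime in the same local
    time zone as the listing, which carries no zone information.
    """
    return [e for e in entries
            if e["principal"] == principal and e["created"] < password_changed]


if __name__ == "__main__":
    keys = parse_keytab_listing(SAMPLE_LISTING)
    changed = datetime(2015, 1, 10, 8, 0, 0)  # constructed example value
    for e in stale_entries(keys, "USER@DOMAIN.ORG", changed):
        print("stale key, regenerate keytab:", e["keytype"], e["created"])
```

An empty result means the stored keys postdate the password change, so no scheduled refresh is needed.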


Former Member

thx

Answers (1)

Former Member

Does anyone know the answer?

push