Security Aspects of the SAP NetWeaver Management Agents (SAP Library - Infrastructure of the SAP NetWeaver Management Agents)

Security Aspects of the SAP NetWeaver Management Agents

Use

The SAP NetWeaver management agents provide various Web service interfaces, some of which are protected. To use protected Web service methods, you need to authenticate yourself with a user name and password. With the default setting, all methods of the interface SAPHostControl except for ListInstances are protected in this way.

With the default setting, only the user sapadm has authorization to access these protected methods.

Additional configuration steps are required for some platforms for this authentication mechanism to function correctly. The mechanism under Linux is therefore based on Pluggable Authentication Modules (PAM), a software library that provides a general programming interface for authentication services. You can perform a simple configuration, for example, by creating the file /etc/pam.d/sapstartsrv and adding the following line to the file:

auth required am_unix_auth.so

For more information, see SAP Note 927637.

Note

Both the instance and the host agent support SSL. For this, SSL must be configured on the corresponding application server (see Configuring SAP Web AS for SSL Support).

This graphic is explained in the accompanying text Infrastructure of the SAP NetWeaver Management Agents Start Page