RFC: TCP/IP Connection - Registered Program

Use

For an RFC call that uses a TCP/IP connection to call a registered program, the AS ABAP is the initiator of the communication and the registered program is the acceptor.

Initiator (AS ABAP)

To specify the SNC options for the initiator (AS ABAP), use transaction SM59. For more information, see Maintaining RFC Destinations and their SNC Options Using Transaction SM59.

Acceptor (Registered Program)

To apply SNC protection to registered programs that communicate with AS ABAP systems using RFC, you need to specify the SNC options either in the saprfc.ini file or by using the program interface in rfclib. This section describes how to specify the information in saprfc.ini.

For more information about using rfclib, see C Program Interfaces.

Prerequisites

You have provided or installed accepting credentials for the RFC server program. (The procedure for installing credentials depends on the security product that you use.)

Procedure

Set the SNC parameters in saprfc.ini as shown in the table below.

| Parameter | Description | Required or Optional | Permitted Values | Default |
|---|---|---|---|---|
| SNC_LIB | Path and file name of the GSSAPI library | Required | String value | None |
| SNC_MODE | SNC activation indicator | Required | 0, 1 (0 = SNC disabled, 1 = SNC activated) | None |
| SNC_QOP | Quality of protection (protection level) | Optional | 1, 2, 3, 8, 9 | 3 |
| SNC_MYNAME | SNC name of the RFC server program | Optional | String value | The SNC name contained in the SNC options of the RFC destinations. |

Example destination in the saprfc.ini file:

    DEST=ABC_S
    TYPE=R
    PROGID=host4.srfcserv
    GWHOST=host1
    GWSERV=sapgw01
    SNC_MODE=1
    SNC_MYNAME=p:CN=testuser, OU=TEST01, O=myCompany, C=US
    SNC_LIB=C:\SAP_Cryptolib\sapcrypto.dll

Using SNC with Registered Programs

You can only enter one SNC partner name when you enter the SNC options for RFC destinations. Therefore, if two or more programs have the same registered program ID, they must also use the same credentials. This is generally not a problem if the programs are started on the same computer.

However, starting registered programs on different computers is only possible if the same credentials can be used on the different computers. Whether or not this is supported depends entirely on the security product used. Normally, it is not supported and not recommended!
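
The following is an added example, not part of the SAP documentation: a Python check that reads saprfc.ini text and reports registered-program (TYPE=R) destinations whose SNC settings fall outside the parameter table, and program IDs registered under more than one SNC name. The block layout (each destination begins at a DEST= line), the function names, and the second sample destination are assumptions made for illustration.

```python
# Added example: audits saprfc.ini text against the SNC parameter table.
# Assumption: each destination starts at a DEST= line and holds KEY=VALUE lines.
PERMITTED_QOP = {"1", "2", "3", "8", "9"}  # permitted SNC_QOP values from the table
# Constructed sample input: the page's destination plus a misconfigured one.
SAMPLE_INI = r"""
DEST=ABC_S
TYPE=R
PROGID=host4.srfcserv
GWHOST=host1
GWSERV=sapgw01
SNC_MODE=1
SNC_MYNAME=p:CN=testuser, OU=TEST01, O=myCompany, C=US
SNC_LIB=C:\SAP_Cryptolib\sapcrypto.dll

DEST=ABC_T
TYPE=R
PROGID=host4.srfcserv
SNC_MODE=0
SNC_QOP=5
SNC_MYNAME=p:CN=otheruser, OU=TEST01, O=myCompany, C=US
"""

def parse_destinations(text):
    """Split saprfc.ini text into one dict of parameters per DEST= block."""
    dests = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")  # split on the first '=' only
        if sep and key.upper() == "DEST":
            dests.append({})
        if sep and dests:
            dests[-1][key.upper()] = value.strip()
    return dests

def audit(text):
    """Return (name, finding) pairs for registered-program (TYPE=R) entries."""
    findings, names = [], {}
    for d in (x for x in parse_destinations(text) if x.get("TYPE") == "R"):
        if d.get("SNC_MODE") != "1":
            findings.append((d["DEST"], "SNC_MODE is not 1: SNC not activated"))
        if not d.get("SNC_LIB"):
            findings.append((d["DEST"], "SNC_LIB missing"))
        if d.get("SNC_QOP", "3") not in PERMITTED_QOP:  # table default is 3
            findings.append((d["DEST"], "SNC_QOP not a permitted value"))
        if d.get("SNC_MYNAME"):
            names.setdefault(d.get("PROGID"), set()).add(d["SNC_MYNAME"])
    for progid, snc_names in names.items():
        if len(snc_names) > 1:  # the RFC destination holds only one partner name
            findings.append((progid, "same PROGID registered under different SNC names"))
    return findings
```

Calling audit(SAMPLE_INI) returns no findings for ABC_S, three for ABC_T, and one for the shared program ID host4.srfcserv.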

Gateway Operations

For information about SNC with gateway operations, see Profile Parameter Settings on the Gateway.