The server must have active credentials at run-time. Therefore, to produce active credentials, you must use the configuration tool's commandseclogin to "open" the server's PSE.
The credentials are located in the filecred_v2 in the directory specified in the environment variableSECUDIR. Make sure that only the user under which the server runs has access to this file (including read access).
It is also very important to create the credentials for the user who runs the server's processes. For example, for the application server, the user is typically<sid>adm (UNIX) or SAPService<SID> (Windows). For more information, seeChecking the Application Server's User (Windows).
Use the following command line to open the server's PSE and create credentials:
sapgenpse seclogin <additional_options> [-p <PSE_name>] [-x <PIN>] [-O [<NT_Domain>\]<user_ID>]
Where:
Standard Options
Option | Parameter | Description | Allowed Values | Default |
---|---|---|---|---|
-p |
<PSE_name> |
Path and file name for the server's PSE |
Path description (in quotation marks, if spaces exist) |
None |
-x |
<PIN> |
PIN that protects the PSE |
Character string |
None |
-O |
[<Windows_Domain>]\<user_ID> |
User for which the credentials are created. (The user that runs the server's processes.) |
Valid operating system user |
The current user |
Additional Options
Option | Parameter | Description | Allowed Values | Default |
---|---|---|---|---|
-l |
None |
List all available credentials for the current user. |
Not applicable |
Not set |
-d |
None |
Delete PSE |
Not applicable |
Not set |
-chpin |
None |
Specifies that you want to change the PIN |
Not applicable |
Not set |
You can also use theseclogin command todelete the server's credentials, change the PIN that protects a PSE, or to list the available credentials for a user (option-l).
Creating Credentials for the Application Server
The following command line opens the application server's PSE (<SID> = ABC) that is located atD:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse and creates credentials for the userSAPServiceABC. The PIN that protects the PSE is abcpin.
sapgenpse seclogin -p D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse -x abcpin -O SAPServiceABC
The credentials file (cred_v2) for the user provided with the -O option is created in theSECUDIR directory.
Check the contents of the directory at the operating system level to make sure the credentials were created in the correct location before proceeding with the next step.