The SNC configuration for CPIC connections to external programs over a gateway (type = E in table TXCOM) is almost identical to that for RFC external programs on an explicit host (see RFC: TCP/IP Connection - Start an External Program on an Explicit Host). In both cases, the program is started over a gateway and the program uses the environment from the gateway to obtain its security information.
For a CPICcall that starts an external program over a gateway, the calling AS ABAP is the initiator of the communication and the external program is the acceptor.
To specify the SNC options for the initiator (AS ABAP), use transaction SM54. See Maintaining CPIC Destinations and Their SNC Options Using Transaction SM54.
The SNC options as entered in transaction SM54 for the initiator are automatically sent to the program to be started. These options include the SNC mode (active or inactive), the SNC name for the external program (SNC partner name), and the quality of protection.
To specify the path and file name of the external library, the gateway that starts the external program sends the value of its own profile parameter snc/gssapi_lib to the external program as a command line parameter. (The command line parameter value overrides the SNC_LIB environment variable.)
See Profile Parameter Settings on the Gateway for information pertaining to SNC with gateway operations.
In addition, note the following:
The gateway uses the common Berkeley remote shell (rsh or remsh) to start programs on remote hosts. The Berkeley remote shell performs only a simple authentication based on the IP address and cannot protect the TCP datastream that it uses. Therefore, we recommend that you do not use the starting of programs on remote hosts when using SNC.
However, if the external program does have to start on a remote host, then make sure that the path and file name of the external library is also valid on the remote host. (The location of the library is specified in the gateway's profile parameter snc/gssapi_lib and sent to the external program on the remote host.)