Show TOC Start of Content Area

Procedure documentation Creating the Server's Credentials Using SAPGENPSE  Locate the document in its SAP Library structure

Use

The server must have active credentials at run-time. Therefore, to produce active credentials, you must use the configuration tool's command seclogin to "open" the server's PSE.

Caution

The credentials are located in the file cred_v2 in the directory specified in the environment variable SECUDIR. Make sure that only the user under which the server runs has access to this file (including read access).

Caution

It is also very important to create the credentials for the user who runs the server's processes. For example, for the application server, the user is typically <sid>adm(UNIX) or SAPService<SID> (Windows). For more information, see Checking the Application Server's User (Windows).

Prerequisites

·        The SAP Cryptographic Library is installed on the server.

·        The environment variable SECUDIR has been set to the location where the PSE is stored.

·        The PSE exists on the server.

Procedure

Use the following command line to open the server's PSE and create credentials:

Syntax

sapgenpse seclogin <additional_options> [-p <PSE_name>] [-x <PIN>] [-O [<NT_Domain>\]<user_ID>]

Where:

Standard Options

Option

Parameter

Description

Allowed Values

Default

-p

<PSE_name>

Path and file name for the server's PSE

Path description (in quotation marks, if spaces exist)

None

-x

<PIN>

PIN that protects the PSE

Character string

None

-O

[<Windows_Domain>]\<user_ID>

User for which the credentials are created. (The user that runs the server's  processes.)

Valid operating system user

The current user

 

Additional Options

Option

Parameter

Description

Allowed Values

Default

-l

None

List all available credentials for the current user.

Not applicable

Not set

-d

None                                          

Delete PSE

Not applicable

Not set

-chpin

None

Specifies that you want to change the PIN

Not applicable

Not set

Note

You can also use the seclogin command to delete the server's credentials, change the PIN that protects a PSE, or to list the available credentials for a user (option -l).

Examples

Creating Credentials for the Application Server

The following command line opens the application server's PSE (<SID> = ABC) that is located at D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse and creates credentials for the user SAPServiceABC. The PIN that protects the PSE is abcpin.

sapgenpse seclogin -p D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse -x abcpin -O SAPServiceABC

Result

The credentials file (cred_v2) for the user provided with the -O option is created in the SECUDIR directory.

Note

Check the contents of the directory at the operating system level to make sure the credentials were created in the correct location before proceeding with the next step.

 

 

 

End of Content Area