snc/enable 

Use

Set this parameter to activate SNC on the AS ABAP.

Description

Set this parameter to the value 1 to activate SNC on the application server. The system then executes the SNC initialization at start-up.

Strategy

Per default, once you have activated SNC (snc/enable = 1), the system only accepts SNC-protected connections. If your SAP system is isolated by means of packet-filtering routers and you want to accept conventional connections that are not protected with SNC parallel to SNC-protected connections, then you must also set the appropriate parameters (see snc/accept_insecure_gui, snc/accept_insecure_rfc, snc/accept_insecure_cpic).

The SNC modules require the path and file name of the security product's shared library (for example, snc/gssapi_lib = /usr/local/lib/libsecude.so). If you have activated SNC , then the system loads this library at runtime. If the system cannot find or open the file, then an error message occurs and the process terminates.

(The error message comes from the module SncInit() and is called SNCERR_INIT.)

Default Value

0 (SNC is not activated)

Affected Parameters

snc/gssapi_lib (path and file name of the external shared library)

snc/identity/as (SNC name of the application server as known by the external security product)

snc/accept_insecure_gui (accept unprotected SAP GUI logons)

snc/accept_insecure_rfc (accept unprotected RFCs)

snc/accept_insecure_cpic (accept unprotected CPICs)

snc/data_protection/min (minimum requirement on the protection level)

snc/data_protection/max (maximum level of protection for connections initiated by the AS ABAP)

snc/data_protection/use (recommended level of protection)

snc/r3int_rfc_secure (starting internal RFCs with SNC)

snc/r3intrfc_qop (protection level for internal RFCs)

snc/permit_insecure_start (allows the gateway to start programs without using SNC-protected communications)

Valid Entries, Formats

0: SNC is disabled

1: SNC is activated