Show TOC Start of Content Area

Procedure documentation CPIC: Start an External Program over a Gateway  Locate the document in its SAP Library structure

Use

The SNC configuration for CPIC connections to external programs over a gateway (type = E in table TXCOM) is almost identical to that for RFC external programs on an explicit host (see RFC: TCP/IP Connection - Start an External Program on an Explicit Host). In both cases, the program is started over a gateway and the program uses the environment from the gateway to obtain its security information.

For a CPIC call that starts an external program over a gateway, the calling AS ABAP is the initiator of the communication and the external program is the acceptor.

Initiator (AS ABAP)

To specify the SNC options for the initiator (AS ABAP), use transaction SM54. See Maintaining CPIC Destinations and Their SNC Options Using Transaction SM54.

Acceptor (External Program)

The SNC options as entered in transaction SM54 for the initiator are automatically sent to the program to be started. These options include the SNC mode (active or inactive), the SNC name for the external program (SNC partner name), and the quality of protection.

To specify the path and file name of the external library, the gateway that starts the external program sends the value of its own profile parameter snc/gssapi_lib to the external program as a command line parameter. (The command line parameter value overrides the SNC_LIB environment variable.)

Gateway Operations

See Profile Parameter Settings on the Gateway for information pertaining to SNC with gateway operations.

In addition, note the following:

·        Make sure that SNC is activated for the gateway (snc/enable = 1) and that the path and file name of the external library are contained in the profile parameter snc/gssapi_lib.

·        Normally, the gateway will not start external programs without using SNC protection. To enable the starting of external programs without using SNC, set the gateway's parameter snc/permit_insecure_start to the value "1".

·        When using SNC, we recommend having the gateway start the external programs locally and not on remote hosts. Disable the starting of programs on remote hosts as described Profile Parameter Settings on the Gateway.

Note

The gateway uses the common Berkeley remote shell (rsh or remsh) to start programs on remote hosts. The Berkeley remote shell performs only a simple authentication based on the IP address and cannot protect the TCP datastream that it uses. Therefore, we recommend that you do not use the starting of programs on remote hosts when using SNC.

However, if the external program does have to start on a remote host, then make sure that the path and file name of the external library is also valid on the remote host. (The location of the library is specified in the gateway's profile parameter snc/gssapi_lib and sent to the external program on the remote host.)

 

End of Content Area