Security Aspects of the SAP NetWeaver Management Agents
The SAP NetWeaver management agents provide various Web service interfaces, some of which are protected. To use protected Web service methods, you need to authenticate yourself with a user name and password. With the default setting, all methods of the interface SAPHostControl except for ListInstances are protected in this way.
With the default setting, only the user sapadm has authorization to access these protected methods.
Additional configuration steps are required for some platforms for this authentication mechanism to function correctly. The mechanism under Linux is therefore based on Pluggable Authentication Modules (PAM), a software library that provides a general programming interface for authentication services. You can perform a simple configuration, for example, by creating the file /etc/pam.d/sapstartsrv and adding the following line to the file:
auth required am_unix_auth.so
For more information, see SAP Note 927637.
Both the instance and the host agent support SSL. For this, SSL must be configured on the corresponding application server.
Infrastructure of the SAP NetWeaver Management Agents Start Page