Show TOC

 Security Aspects of the SAP NetWeaver Management AgentsLocate this document in the navigation structure


The SAP NetWeaver management agents provide various Web service interfaces, some of which are protected. To use protected Web service methods, you need to authenticate yourself with a user name and password. With the default setting, all methods of the interface SAPHostControl except for ListInstances are protected in this way.

With the default setting, only the user sapadm has authorization to access these protected methods.

Additional configuration steps are required for some platforms for this authentication mechanism to function correctly. The mechanism under Linux is therefore based on Pluggable Authentication Modules (PAM), a software library that provides a general programming interface for authentication services. You can perform a simple configuration, for example, by creating the file /etc/pam.d/sapstartsrv and adding the following line to the file:

auth required

For more information, see SAP Note 927637.


Both the instance and the host agent support SSL. For this, SSL must be configured on the corresponding application server.

 Infrastructure of the SAP NetWeaver Management Agents Start Page