Checking the Security Configuration of Gateway

Use

To make sure that the security files secinfo and reginfo are free of errors, you can use the gateway trace file to check them for incorrect entries while the system is running.

As described in the relevant sections, there are two ways to define the files:

  • The conventional way with no version specification (interpreted internally as VERSION=1)

  • The new syntax with title line #VERSION=2 and P or D at the start of each line; conventional syntax lines start with a P in the new syntax.

Here you have to decide on the syntax for each file - mixed files are not accepted.

Prerequisites

You have maintained the security files, they are located in the correct directory, and the Gateway has been restarted.

Procedure

Display the Gateway trace file dev_rd. You can do this using the gateway monitor (transaction SMGW), the trace file display (transaction ST11), the management console, or at operating system level.

Search for entries of type

*** WARNING => Errors found in ./secinfo

*** WARNING => Errors found in ./reginfo

that are written to standard trace level 1.

Then check the relevant file.

Example

The following examples show which error messages appear in the trace if the files are not set up correctly.

Mixed File

Here the files have been created using the new syntax (with #VERSION=2), but contain entries without P or D at the start of the line.

#VERSION=2

TP=hugo PWD=secret HOST=local USER=*

D HOST=* USER=* TP=/bin/sap/cpict4

P HOST=* USER=* TP=/bin/sap/cpict*

HOST=local USER=* TP=*

D TP=hugo PWD=geheim HOST=local USER=*

#VERSION=2

P TP=cpict4 HOST=10.18.210.140

D TP=* HOST=10.18.210.140

TP=ABC NO=1

P TP=cpict2 ACCESS=ld8060,localhost CANCEL=ld8060,localhost

P TP=cpict4

GwIInitSecInfo: secinfo version = 2

*** ERROR => invalid first character T in ./secinfo line 2

*** ERROR => invalid first character H in ./secinfo line 5

*** WARNING => Errors found in ./secinfo

*** WARNING => Please correct the invalid entries

GwIRegInitRegInfo: reginfo version = 2

*** ERROR => invalid first character T in ./reginfo line 4

*** WARNING => Errors found in ./reginfo

*** WARNING => Please correct the invalid entry

Version specification is missing

Here the version specification is missing, but the new syntax is used in some lines.

TP=hugo PWD=geheim HOST=local USER=*

D HOST=* USER=* TP=/bin/sap/cpict4

P HOST=* USER=* TP=/bin/sap/cpict*

HOST=local USER=* TP=*

D TP=hugo PWD=geheim HOST=local USER=*

P TP=cpict4 HOST=10.18.210.140

D TP=* HOST=10.18.210.140

TP=ABC NO=1

P TP=cpict2 ACCESS=ld8060,localhost CANCEL=ld8060,localhost

P TP=cpict4

GwIInitSecInfo: secinfo version = 1

*** ERROR => invalid Permit/Deny in ./secinfo line 2 detected (first line should be #VERSION=2)

*** ERROR => invalid Permit/Deny in ./secinfo line 3 detected (first line should be #VERSION=2)

*** ERROR => invalid Permit/Deny in ./secinfo line 5 detected (first line should be #VERSION=2)

*** WARNING => Errors found in ./secinfo

*** WARNING => Please correct the invalid entries

GwIRegInitRegInfo: reginfo version = 1

*** ERROR => invalid Permit/Deny in ./reginfo line 1 detected (first line should be #VERSION=2)

*** ERROR => invalid Permit/Deny in ./reginfo line 2 detected (first line should be #VERSION=2)

*** ERROR => invalid Permit/Deny in ./reginfo line 4 detected (first line should be #VERSION=2)

*** ERROR => invalid Permit/Deny in ./reginfo line 5 detected (first line should be #VERSION=2)

*** WARNING => Errors found in ./reginfo

*** WARNING => Please correct the invalid entries
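
The two error classes shown above can also be checked offline before the Gateway is restarted. The following Python sketch is an added example, not SAP code and not the Gateway's own parser: the function name lint_gateway_acl is hypothetical, the rules are inferred only from the traces on this page, and skipping blank lines and lines starting with # is an assumption.

```python
import re

# In the new syntax every rule line starts with P or D followed by whitespace.
PD_PREFIX = re.compile(r"^[PD]\s")

def lint_gateway_acl(text):
    """Return (version, findings) for the body of a secinfo or reginfo file.

    findings is a list of (line_number, problem) covering only the two
    error classes shown in the traces on this page.
    """
    lines = text.splitlines()
    # The title line selects version 2; without it the file is read as version 1.
    version = 2 if lines and lines[0].strip() == "#VERSION=2" else 1
    findings = []
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with '#' are not rules.
        if not line or line.startswith("#"):
            continue
        has_prefix = bool(PD_PREFIX.match(line))
        if version == 2 and not has_prefix:
            findings.append((number, "no P or D prefix in a #VERSION=2 file"))
        elif version == 1 and has_prefix:
            findings.append((number, "P or D prefix but no #VERSION=2 title line"))
    return version, findings

# The two secinfo bodies from the examples on this page.
SECINFO_MIXED = """#VERSION=2
TP=hugo PWD=secret HOST=local USER=*
D HOST=* USER=* TP=/bin/sap/cpict4
P HOST=* USER=* TP=/bin/sap/cpict*
HOST=local USER=* TP=*
D TP=hugo PWD=geheim HOST=local USER=*
"""
SECINFO_NO_VERSION = """TP=hugo PWD=geheim HOST=local USER=*
D HOST=* USER=* TP=/bin/sap/cpict4
P HOST=* USER=* TP=/bin/sap/cpict*
HOST=local USER=* TP=*
D TP=hugo PWD=geheim HOST=local USER=*
"""

if __name__ == "__main__":
    for label, body in (("mixed", SECINFO_MIXED), ("no version", SECINFO_NO_VERSION)):
        version, findings = lint_gateway_acl(body)
        print(f"secinfo ({label}): version = {version}")
        for number, problem in findings:
            print(f"  line {number}: {problem}")
```

The reported line numbers match the ones in the trace excerpts above, so a clean run of this check is a reasonable pre-restart test; the trace file dev_rd remains the authoritative result.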