The parameters described below are used to configure the gateway to ensure secure connections.
Refer also to Security Settings in the SAP Gateway.
Your system must be configured for using the SNC interface.
File with the security details (see Assigning Start Authorizations for External Programs).
Any unauthorized starting of external programs can be prevented by maintaining the file secinfo in the data directory of the gateway instance.
Default value |
<Data-Directory>/secinfo
|
Dynamic |
Yes |
These parameters can be used to protect external programs against being started.
If this parameter has the value ‘1', the information in file gw/sec_info is read. The gateway establishes from the entries in this file whether the user has the authority to start external programs.
Default value |
1 |
Dynamic |
Yes |
(*) but only if changing the parameter affords increased security, thus 0 -> 1 is allowed, 1 -> 0 is not allowed.
File with the security information for registered programs (see Access Controls for Registered Programs).
Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.
If the file exists, the system searches for valid registration entries in this list. If there are none, the system searches, as up to now too, in the gw/sec_info file.
Default value |
<Data directory>/reg info
|
Dynamic |
Yes |
There are a number of additional parameters that control the behavior of the SAP Gateway in conjunction with SNC (Secure Network Communication).
Parameter |
Meaning |
Default value |
Dynamic |
snc/enable |
This parameter specifies whether the gateway accepts connections that protect the data via SNC. |
0 |
No |
snc/permit_insecure_comm |
This parameter specifies whether the gateway accepts connections without SNC. |
0 |
No |
snc/permit_insecure_start |
This parameter specifies whether the gateway may establish connections with programs that communicate without SNC. |
0 |
No |
snc/permit_common_name |
This parameter specifies whether the gateway can use a default SNC name specified by the parameter snc/identity/as, if an SNC name for the connection cannot be read from secinfo. |
0 |
No |
snc/gssapi_lib |
Path for the shared library of the security system in use. |
"" |
No |
snc/identity/as |
Identity of the gateway application server |
"" |
No |