Entering content frame

Function documentation Security Parameters Locate the document in its SAP Library structure

Use

The parameters described below are used to configure the gateway to ensure secure connections.

Integration

Refer also to Security Settings in the SAP Gateway.

Prerequisites

Your system must be configured for using the SNC interface.

Features

gw/sec_info

File with the security details (see Assigning Start Authorizations for External Programs).

Any unauthorized starting of external programs can be prevented by maintaining the file secinfo in the data directory of the gateway instance. 

Default value

<Data-Directory>/secinfo

 

Dynamic

Yes

gw/tcp_security

These parameters can be used to protect external programs against being started.

If this parameter has the value ‘1', the information in file gw/sec_info is read. The gateway establishes from the entries in this file whether the user has the authority to start external programs.

Default value

1

Dynamic

Yes

(*) but only if changing the parameter affords increased security, thus 0 -> 1 is allowed, 1 -> 0 is not allowed.

gw/reg_info

File with the security information for registered programs (see Access Controls for Registered Programs).

Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.

If the file exists, the system searches for valid registration entries in this list. If there are none, the system searches, as up to now too, in the gw/sec_info file.

Default value

<Data directory>/reg info

 

Dynamic

Yes

SNC Parameters

There are a number of additional parameters that control the behavior of the SAP Gateway in conjunction with SNC (Secure Network Communication).

Parameter

Meaning

Default value

Dynamic

snc/enable

This parameter specifies whether the gateway accepts connections that protect the data via SNC.

0

No

snc/permit_insecure_comm

This parameter specifies whether the gateway accepts connections without SNC.

0

No

snc/permit_insecure_start

This parameter specifies whether the gateway may establish connections with programs that communicate without SNC.

0

No

snc/permit_common_name

This parameter specifies whether the gateway can use a default SNC name specified by the parameter snc/identity/as, if an SNC name for the connection cannot be read from secinfo.

0

No

snc/gssapi_lib

Path for the shared library of the security system in use.

""

No

snc/identity/as

Identity of the gateway application server

""

No

 

 

Leaving content frame