Show TOC

Function documentationSecurity Parameters Locate this document in the navigation structure

 

The parameters described below are used to configure the gateway to ensure secure connections.

Integration

Refer also to Security Settings in the SAP Gateway.

Prerequisites

Your system must be configured for using the SNC interface.

Features

gw/acl_file

This parameter specifies the name of an ACL file. With an ACL (access control list) you can configure who is permitted to connect to the gateway.

Note Note

  • The same ACL file is used for the standard port and for the SNC port of the gateway.

  • If the specified ACL file does not exist or is erroneous, the gateway immediately closes.

End of the note.

Caution Caution

If the parameter is not set, access control is not valid.

End of the caution.

Default Setting

Empty (no ACL file is used)

Dynamic

No

For more information, see: Setting Up Access Control Lists (ACL)

gw/acl_mode

This parameter defines the behavior of the gateway, if an ACL file (gw/sec_info or gw/reg_info) does not exist.

The following values are permitted:

  • 0 : There is no restriction with starting external servers or registering servers.

    Recommendation Recommendation

    This setting should not be used in production operation.

    End of the recommendation.
  • 1 : External and registered servers are only permitted within the system (application servers of the same system). All other servers are rejected or have to be maintained in the respective files.

Default Setting

1

Dynamic

Yes

gw/sec_info

File with the security information.

Any unauthorized starting of external programs can be prevented by maintaining the file secinfo in the data directory of the gateway instance.

Default Setting

<Data-Directory>/secinfo

Dynamic

Yes

For more information, see: Making Security Settings for External Programs

gw/tcp_security

These parameters can be used to protect external programs against being started.

If this parameter has the value 1, the information in file gw/sec_info is read. The gateway establishes from the entries in this file whether the user has the authority to start external programs.

Default Setting

1

Dynamic

Yes

(*) but only if changing the parameter affords increased security, thus 0 -> 1 is allowed, 1 -> 0 is not allowed.

gw/reg_info

File with the security information for registered programs.

Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.

If the file exists, the system searches for valid registration entries in this list. If there are none, the system searches, as up to now too, in the gw/sec_info file.

Default Setting

<Data directory>/reg info

Dynamic

Yes

For more information, see: Making Security Settings for External Programs

SNC Parameters

There are a number of additional parameters that control the behavior of the SAP Gateway in conjunction with SNC (Secure Network Communication).

Parameters

Meaning

Default value

Dynamic

snc/enable

This parameter specifies whether the gateway accepts connections that protect the data via SNC.

0

No

snc/permit_insecure_comm

This parameter specifies whether the gateway accepts connections without SNC.

0

No

snc/permit_insecure_start

This parameter specifies whether the gateway may establish connections with programs that communicate without SNC.

0

No

snc/permit_common_name

This parameter specifies whether the gateway can use a default SNC name specified by the parameter snc/identity/as, if an SNC name for the connection cannot be read from secinfo.

0

No

snc/gssapi_lib

Path for the shared library of the security system in use.

""

No

snc/identity/as

Identity of the gateway application server

""

No