The parameters described below are used to configure the gateway to ensure secure connections.
Refer also to Security Settings in the SAP Gateway.
Your system must be configured for using the SNC interface.
This parameter specifies the name of an ACL file. With an ACL (access control list) you can configure who is permitted to connect to the gateway.
Note
The same ACL file is used for the standard port and for the SNC port of the gateway.
If the specified ACL file does not exist or is erroneous, the gateway immediately closes.
Caution
If the parameter is not set, access control is not valid.
Default Setting |
Empty (no ACL file is used) |
Dynamic |
No |
For more information, see: Setting Up Access Control Lists (ACL)
This parameter defines the behavior of the gateway, if an ACL file (gw/sec_info or gw/reg_info) does not exist.
The following values are permitted:
0 : There is no restriction with starting external servers or registering servers.
Recommendation
This setting should not be used in production operation.
1 : External and registered servers are only permitted within the system (application servers of the same system). All other servers are rejected or have to be maintained in the respective files.
Default Setting |
1 |
Dynamic |
Yes |
File with the security information.
Any unauthorized starting of external programs can be prevented by maintaining the file secinfo in the data directory of the gateway instance.
Default Setting |
<Data-Directory>/secinfo |
Dynamic |
Yes |
For more information, see: Making Security Settings for External Programs
These parameters can be used to protect external programs against being started.
If this parameter has the value 1, the information in file gw/sec_info is read. The gateway establishes from the entries in this file whether the user has the authority to start external programs.
Default Setting |
1 |
Dynamic |
Yes |
(*) but only if changing the parameter affords increased security, thus 0 -> 1 is allowed, 1 -> 0 is not allowed.
File with the security information for registered programs.
Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.
If the file exists, the system searches for valid registration entries in this list. If there are none, the system searches, as up to now too, in the gw/sec_info file.
Default Setting |
<Data directory>/reg info |
Dynamic |
Yes |
For more information, see: Making Security Settings for External Programs
There are a number of additional parameters that control the behavior of the SAP Gateway in conjunction with SNC (Secure Network Communication).
Parameters |
Meaning |
Default value |
Dynamic |
---|---|---|---|
snc/enable |
This parameter specifies whether the gateway accepts connections that protect the data via SNC. |
0 |
No |
snc/permit_insecure_comm |
This parameter specifies whether the gateway accepts connections without SNC. |
0 |
No |
snc/permit_insecure_start |
This parameter specifies whether the gateway may establish connections with programs that communicate without SNC. |
0 |
No |
snc/permit_common_name |
This parameter specifies whether the gateway can use a default SNC name specified by the parameter snc/identity/as, if an SNC name for the connection cannot be read from secinfo. |
0 |
No |
snc/gssapi_lib |
Path for the shared library of the security system in use. |
"" |
No |
snc/identity/as |
Identity of the gateway application server |
"" |
No |