Use
Kerberos Single Sign-On (SSO) is a secure method of logging on to the SAP system that simplifies the logon procedure. It is suitable if your clients use Windows 2000 or higher. The Application Server ABAP can run on the operating systems specified in the relevant Product Availability Matrix.
When your system is configured for SSO, an authorized user who has logged on to Windows can access the SAP system simply by selecting it in the SAP logon window or using a shortcut. There is no need to enter a user ID and password every time that the user logs on to the SAP system with SAP GUI for Windows. Therefore, SSO makes it easier for you to manage SAP system users.
The Microsoft Kerberos Security Service Provider (SSP) provides secure authentication plus encryption of the network communication. In contrast, SSO with Microsoft NTLM SSP, as described in the next section, does not provide encryption of the network communication.
When using the Kerberos wrapper library (gsskrb5.dll), the Microsoft Kerberos SSP might be interoperable with Kerberos implementations from other vendors and suppliers. However, we do not provide support for third-party libraries loaded at the BC-SNC interface. Documentation and support must be provided by the vendor(s)/supplier(s) of the third-party software. SAP SAP NetWeaver Single Sign-On and all third-party BC-SNC certified security products offer data integrity and privacy protection. To use these security features, you must obtain a product license.
Prerequisites
Activities
To implement SSO with the Microsoft Kerberos SSP, you have to take the following steps:
In the directory paths specified in the related topics, \%windir%\ refers to the location of the Windows directory corresponding to the Windows operating system release.