You can also apply SNC protection to data being printed.
This applies to both printing on the frontend computer (access method = F) and printing using SAPlpd (access method = S).
Printing on a frontend computer is automatically protected with SNC if the SAP GUI connection is SNC-protected.
When printing using SAPlpd (printing with access method = S), the AS ABAP spool work process is the initiator of the communication and the SAPlpd program on the printer server is the acceptor.
Initiator (AS ABAP)
To configure SAPlpd to use SNC protection, use the spool administration (transaction SPAD).
Prerequisites
Procedure
From the Spool Administration: Initial Screen (transaction SPAD):
A list of output devices appears.
The maintenance screen for the device appears.
If you select Only Authentication (QoP = 1), Integrity Protection (QoP = 2), or Privacy Protection (QoP = 3), then SNC is also activated.
Acceptor (SAPlpd)
On the accepting side (SAPlpd), you need to specify the SNC parameters in the win.ini file. You also need to specify additional options after starting SAPlpd.
Specifying SNC parameters in win.ini
Prerequisites
You want to protect the communication between the AS ABAP and SAPlpd with SNC. The following parameters are not necessary if you do not want to use SNC.
Procedure
SNC Parameters for SAPlpd
Parameter | Description | Required or Optional | Permitted Values | Default |
---|---|---|---|---|
gssapi_lib |
Path and file name of the gssapi library |
Required |
String value |
None |
Enable |
SNC activation indicator |
Required |
0,1 0=SNC disabled 1=SNC activated |
None |
identity/lpd |
SNC name of SAPlpd |
Required |
String value |
None |
Example
Example destination in the win.ini file:
[snc] enable=1 gssapi_lib=C:\SAP_Cryptolib\sapcrypto.dll identity/lpd=p:CN=saplpd.host5, OU=TEST01, O=myCompany, C=US
Specifying Additional SNC Options for SAPlpd
Prerequisites
You have started SAPlpd.
Procedure
From the Saplpd.log -SAPLPD dialog box:
The Secured connections screen appears.
The Authorized connections screen appears.
To add partner names to the list:
If you choose to accept all connections, then the name of the last accepted partner automatically appears in the Last authenticated connection initiator field. You can then add it to the list.
Result
The configuration is automatically saved in the win.ini file.