Issue with encrypted stdin in solaris
hi all ..
i've found a following problem:
i need to build .bin file installer for customer .. i am used to use following way:
cat script.sh data.tgz > installer.bin
but when trying from within script cut data.tgz part, returned file is encrypted and its type is changed
from :: data.tgz: gzip compressed data - deflate method
to :: foo.tgz: gzip compressed data - deflate method , extra field , original file name , comment , encrypted
it works like a charm under Linux and under osx, i tested it under these two other NIXes. I created an example script which accepts both solaris and Linux:
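#!/bin/sh
# Pick a GNU tar: plain tar on Linux, gtar from /usr/sfw/bin on Solaris.
case `uname -s` in
Linux ) tar=`which tar`;;
SunOS ) tar=/usr/sfw/bin/gtar
        [ -x "$tar" ] || { echo missing gtar binary 1>&2; exit 1; };;
esac
# Drop everything up to and including the marker line, leaving the appended .tgz.
sed '1,/^###\ end$/d' "$0" | md5sum -;
sed '1,/^###\ end$/d' "$0" | $tar tzvf -;
exit 0;
### end
you can put there some random .tgz file for testing ..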
just for example, under solaris md5sum differs and gtar vomits following error message while trying to unpack extracted .tgz:
# ./installer.bin
09bd431049e6777a1f8db5c35bf00018 -
gzip: stdin is encrypted -- not supported
/usr/sfw/bin/gtar: Child died with signal 13
/usr/sfw/bin/gtar: Error exit delayed from previous errors
^^ so i presume that the main problem is in message: *"gzip: stdin is encrypted -- not supported"*
Linux prints out a correct md5sum and content of archive for exactly same file ..
any idea please?
regards, daniel
thanks .. resolved .. the cause is Sun flavoured sed .. perl produces the correct cut data.tgz part this way:
# perl -ne 'if(/^### end$/) {$print=1; next}; print if $print' installer.bin | md5sum -; md5sum data.tgz
e8d365e3b01e2712fbddb85b240aca10 -
e8d365e3b01e2712fbddb85b240aca10 data.tgz
resolved !!
regards, daniel
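Added example (not part of the original posts): one way to cut the appended archive out of such an installer by byte offset instead of passing binary data through sed, with a digest check before the data reaches tar. The PAYLOAD_SHA256 header line, the function names and the sample bytes are assumptions made for this example, and it assumes sha256sum, awk, head and tail -c are available.

```shell
#!/bin/sh
# Added example, not from the thread: "script + archive" installer whose
# payload is cut out by byte offset and verified before use.
# MARKER is the thread's marker line; PAYLOAD_SHA256 is a hypothetical
# header field invented for this example.
MARKER='### end'

# build_installer STUB PAYLOAD OUT
# Layout: stub text, PAYLOAD_SHA256=<hex>, marker line, raw payload bytes.
build_installer() {
    stub=$1; payload=$2; out=$3
    digest=$(sha256sum < "$payload" | cut -d' ' -f1)
    [ -n "$digest" ] || return 1
    {
        cat "$stub"
        printf 'PAYLOAD_SHA256=%s\n' "$digest"
        printf '%s\n' "$MARKER"
        cat "$payload"
    } > "$out"
}

# marker_line FILE
# Prints the line number of the first marker line. awk stops there, so it
# only ever parses the text header, never the binary payload.
marker_line() {
    awk -v m="$MARKER" '$0 == m { print NR; exit }' "$1"
}

# extract_payload INSTALLER OUT
# Returns 0 with the payload in OUT only if its digest matches the header;
# 1 on digest mismatch (OUT removed), 2 if no marker was found.
extract_payload() {
    installer=$1; out=$2
    line=$(marker_line "$installer")
    [ -n "$line" ] || { echo "marker not found" >&2; return 2; }
    # Header size in bytes; the payload starts at the next byte.
    skip=$(head -n "$line" "$installer" | wc -c)
    want=$(head -n "$line" "$installer" | sed -n 's/^PAYLOAD_SHA256=//p' | tail -n 1)
    # tail -c copies bytes verbatim: no line splitting, no NUL handling.
    tail -c +"$((skip + 1))" "$installer" > "$out"
    got=$(sha256sum < "$out" | cut -d' ' -f1)
    if [ -n "$want" ] && [ "$got" = "$want" ]; then
        return 0
    fi
    echo "payload digest mismatch (want=$want got=$got)" >&2
    rm -f "$out"
    return 1
}

# demo_roundtrip: constructed sample data (gzip magic, NUL bytes, 0xFF, no
# trailing newline) to show the payload survives byte for byte.
demo_roundtrip() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "stub running"\nexit 0\n' > "$d/stub.sh"
    printf '\037\213\010\000x\000y\nmid\377\376end' > "$d/payload.bin"
    build_installer "$d/stub.sh" "$d/payload.bin" "$d/installer.bin" &&
        extract_payload "$d/installer.bin" "$d/out.bin" &&
        cmp -s "$d/payload.bin" "$d/out.bin"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_roundtrip && echo "payload extracted intact"
```

The digest travels in the same file as the payload, so this check catches corruption during transfer or extraction; authenticating the installer needs a signature or a digest published out of band.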
Similar Messages
-
We have an MPS 200 with J 4.6. We are having issues with encryption and the tech assigned to our TAC case informed us that version J 4.7.2 would resolve the issue per release notes (confirmed). Unfortunately we have been unable to install latest, J 4.7.2. Every time we select the 4000j472.tar.gz file, the MPS displays software upgrade failed. We have used IE 8, 9 and 11 and have opened them up as much as possible, still no joy. We have unzipped the file, but do not know which file to select for the install.
Would appreciate any assist.
As the others have suggested - download the file again - and check that the MD5 Checksum (with something like WinMD5) of what you have downloaded matches what it should be (for J4.7.2 is b328946e6ca24f181c937d90d8e5cc12). Then upload the .tar.gz file as downloaded (without extracting it).
Wayne
Please remember to rate responses and to mark your question as answered if appropriate. -
Installation issue with Weblogic610sp1_sol.bin for solaris platform?
Hi,
I have downloaded weblogic610sp1_sol.bin file for solaris platform and when i try to install, it is preparing to install & executing the file but suddenly throws an error saying
" error: can't find libjava.so."
Even i tried with other versions of weblogic also...
But same problem.....
I have installed jdk1.3.1 for solaris. I am able to install other java related programs & it is running successfully.
Any idea...
Thanks,
Dinesh.
Hi.
Can you verify that the size of the file you downloaded is 90,941,843? Also post the checksum of the file. What version of Solaris are you installing on? Most folks having this problem
have a corrupted bin file.
Thanks,
Michael
--
Developer Relations Engineer
BEA Support -
Issues with encrypt/decrypt
I got a system that is behaving strangely, apparently at random.
I created a CRUD CFC for this table, and to store the password I use
Encrypt; when it's read from the CFC it gets decrypted by the CFC.
Here are the few lines of code from the CFC that are in charge of it.
On update (the same method is done on create as well):
<cfif isdefined("arguments.fu_password")>fu_password=<CFQUERYPARAM value="#left(encrypt(trim(arguments.fu_password), this.encKey),250)#" cfsqltype="cf_sql_varchar" maxlength="250">,</cfif>
On read (after I query the database):
<cfloop query="qReadFrontend_Users">
<cfset qReadFrontend_Users.fu_password[currentrow] = #Decrypt(qReadFrontend_Users.fu_password[currentrow], this.encKey)#>
</cfloop>
It worked well (I use this method everywhere I need to save the data encrypted) for a long time, and IT STILL works well on my server. But about 2 months ago I started to get errors that the input/output of the encryption is not the same.
The MOST strange thing is that the errors will be sent to me WITHOUT the page being viewed being relocated to the error page (which is what happens when an error occurs on that system). And on top of that the CFC would RETURN the SQL with the RIGHT INFO !! I.e. it decrypts the info but yet says there was a problem.
I then added this to the CFC …
<cftry> <!--- THIS IS A TEST --->
<cfloop query="qReadFrontend_Users">
<cfset qReadFrontend_Users.fu_password[currentrow] = #Decrypt(qReadFrontend_Users.fu_password[currentrow], this.encKey)#>
</cfloop>
<cfcatch type="any">
<cfmail from="****" to="*****" subject="FRONT END USERS CFC CF CATCH EMAIL !!!!" type="html">
cfcatch:
<cfdump var="#cfcatch#">
<BR><BR>
arguments:
<cfdump var="#arguments#">
<BR><BR>
Query
<cfdump var="#qReadFrontend_Users#">
<BR><BR>
this
<cfdump var="#this#">
<BR><BR>
cgi
<cfdump var="#cgi#">
</cfmail>
<cfreturn qReadFrontend_Users>
</cfcatch>
</cftry>
And I started getting emails. In all of the emails the RETURNED query is fine, as I mentioned above.
I also checked the DB, outputting each row and its decrypted password; the problem is not in the DATA ITSELF, the data is k-ok !.
And again this happens totally at random, no pattern to it whatsoever.
My question is, did anyone encounter something like this?
My first guess was that the SQL is not ok in some way, but I have NO idea what to look for.
Please HELP : )
Sorry, I have solved this problem, Thank you.
-
I/O issues with Oracle Financials on Solaris (Is this normal ?)
Oracle Financials: Constant and High "Read" I/O:
Problem Description:
Most of the I/O on all of our 3 Oracle Financial 11.5.9 servers is read intensive and they are all going against 2 HOT applsys database files causing constant high I/O even when the application is not in use.
Example:
    r/s    w/s   kr/s   kw/s wait actv wsvc_t asvc_t  %w  %b s/w h/w trn tot device
  274.7    8.6 2197.2   19.2  0.0  0.4    0.0    1.6   0  44   0   0   0   0 c4t0d0s0
  674.7    5.6 5397.7   11.6  0.0  2.3    0.0    3.4   0 100   0   0   0   0 c6t0d0s0
                    extended device statistics       ---- errors ---
    r/s    w/s   kr/s   kw/s wait actv wsvc_t asvc_t  %w  %b s/w h/w trn tot device
  434.6    6.0 3476.5   16.6  0.0  0.8    0.0    1.8   0  58   0   0   0   0 c4t0d0s0
  838.1    3.4 6704.6    7.5  0.0  2.0    0.0    2.4   0  98   0   0   0   0 c6t0d0s0
Hardware: Single Node Sun V880 2 Instances - SUN DAS Storage
The A1000 DAS Array is configured for random I/O
Operating System Modifications:
I have toggled with the Filesystem mount options noatime,forcedirectio,logging but it did not make a difference.
The Solaris Directory Name Lookup Cache hits is 98% - OK
The buffer_cache_lookups & buffer_cache_hits numbers are very close - OK
Question:
I am pretty sure distributing the applsys tablespace and across six file systems will help?
What is the best way to do this in Oracle Financials?
If you are running solaris please run the following command and share your output.
# iostat -xPne 20 | nawk '( /r\/s/ || $1 > 200 ) && ! /:/'
Pl do not post duplicate threads - Oracle XE is not running on startup
-
Issues with JDBC logging on Solaris and Windows environment
Hi All,
I tried to enable JDBC logging on my app server (tried on Solaris and Windows)and
i am facing issues. It would be great if someone can share their experiences.
SOLARIS ISSUE:
<Mar 12, 2003 8:09:36 PM PST> <Notice> <Management>
<Mar 12, 2003 8:09:52 PM PST> <Notice> <WebLogicServer> <Starting WebLogic Admin
Server "xyz" for domain "abc">
<Mar 12, 2003 8:09:57 PM PST> <Emergency> <Server> <Unable to initialize the server:
'Fatal initialization exception
Throwable: java.lang.NullPointerException
java.lang.NullPointerException
at weblogic.jdbc.common.JDBCService.initLog(JDBCService.java:231)
at weblogic.jdbc.common.JDBCService.initialize(JDBCService.java:57)
at weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:48)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
at weblogic.Server.main(Server.java:35)
WINDOWS:
DriverManager.initialize: jdbc.drivers = null
JDBC DriverManager initialized
registerDriver: driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@1bfaff]
DriverManager.getDriver("jdbc:oracle:thin:@172.16.10.150:1521:vtpsr")
trying driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@1bfaff]
getDriver returning driver[className=oracle.jdbc.driver.OracleDriver,oracle.jdbc.driver.OracleDriver@1bfaff]
SQLException: SQLState(null) vendor code(17055)
java.sql.SQLException: Invalid character encountered in: failAL32UTF8Conv
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
at oracle.jdbc.dbaccess.DBError.check_error(DBError.java:1130)
at oracle.jdbc.dbaccess.DBConversion.failAL32UTF8Conv(DBConversion.java:2762)
at oracle.jdbc.dbaccess.DBConversion.javaCharsToAL32UTF8Bytes(DBConversion.java:2678)
at oracle.jdbc.dbaccess.DBConversion.stringToAL32UTF8Bytes(DBConversion.java:2624)
at oracle.jdbc.dbaccess.DBConversion.stringToAccessCharBytes(DBConversion.java:391)
at oracle.jdbc.dbaccess.DBConversion.StringToCharBytes(DBConversion.java:456)
at oracle.jdbc.ttc7.O3log.setSessionFields(O3log.java:796)
Thanks,
Suresh
In fact it is the same issue for both environments...
It is
java.sql.SQLException: Invalid character encountered in: failAL32UTF8Conv
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
at oracle.jdbc.dbaccess.DBError.check_error(DBError.java:1130)
at oracle.jdbc.dbaccess.DBConversion.failAL32UTF8Conv(DBConversion.java:2762)
at oracle.jdbc.dbaccess.DBConversion.javaCharsToAL32UTF8Bytes(DBConversion.java:2678)
at oracle.jdbc.dbaccess.DBConversion.stringToAL32UTF8Bytes(DBConversion.java:2624)
at oracle.jdbc.dbaccess.DBConversion.stringToAccessCharBytes(DBConversion.java:391)
at oracle.jdbc.dbaccess.DBConversion.StringToCharBytes(DBConversion.java:456)
at oracle.jdbc.ttc7.O3log.setSessionFields(O3log.java:796)
for both environments..
Please let me know if any of u guys came across this before.
Thanks,
Suresh
-
Issue with booting a virtual Solaris 10 server from within VMWARE vCenter
Hi All,
I'm currently experiencing the following challenge, maybe someone knows what's up with this;
We're using vmware to deploy a number of solaris servers to our developers but one of the servers keeps booting into single usermode instead of booting straight into the multiuser mode, when the server has booted you can go into multiuser mode manually but it would be great if it would go in an automatic way.
Thanks in advance for your help/advice!
-Edgar
Thanks for answering and here's the answer to your questions;
menu.lst;
default 0
timeout 10
splashimage /boot/grub/splash.xpm.gz
title Solaris 10 5/09 s10x_u7wos_08 X86
findroot (pool_rpool,0,a)
kernel$ /platform/i86pc/multiboot -B $ZFS-BOOTFS
module /platform/i86pc/boot_archive
title Solaris failsafe
findroot (pool_rpool,0,a)
kernel /boot/multiboot kernel/unix -s
module /boot/x86.miniroot-safe
svcprop;
general/enabled boolean true
general/entity_stability astring Unstable
general/single_instance boolean true
restarter/auxiliary_state astring none
restarter/next_state astring none
restarter/state astring online
restarter/state_timestamp time 1332760063.866631000
restarter/start_pid count 10
restarter/contract count 4
restarter/alt_logfile astring /etc/svc/volatile/svc.startd.log
restarter/logfile astring /var/svc/log/svc.startd.log
system/reconfigure boolean false
tm_common_name/C ustring master\ restarter
tm_man_svc_startd/manpath astring /usr/share/man
tm_man_svc_startd/section astring 1M
tm_man_svc_startd/title astring svc.startd
Thanks!
Regards,
Edgar -
LMS 3.2 - restorebackup.pl issues with /var permissions on Solaris 10
Hi,
I have been attempting a restore using the restorebackup.pl script but it was repeatedly failing 70% of the way through the RME restore.
I discovered that the script was changing the directory permissions for /var and /var/adm from root:sys 755 to root:root 700 causing the restart of daemons to fail because of denied permissions.
What could be causing this change in permissions to /var and /var/adm to occur? Is it an error with the script?
I was able to successfully restore using the restorebackup.pl script after changing the /var and /var/adm permissions back to root:sys 755 BUT only after the restorebackup script had changed them to root:root 700 during execution.
The failed log is attached.
There is nowhere in the restore code where anything is explicitly chmod'd to 0700. In fact, the RME restore code will attempt to preserve ownership of /var and /var/adm. Perhaps the permissions in your RME filebackup.tar file are already 0700 for /var and /var/adm?
-
ASE157 - Permission issue with BCP out under Solaris
With ASE15.7 SP60 on Solaris10 u11, when data is bulk copied out using Sybase’s bcp utility, the output file generated is having permissions Read/Write for the owner and Read for the group and no permissions for others even if the umask specifies different permissions.
sybase15@server:/sybdata2/backup
!> umask
0022
If I try to create a file, I get the expected file permissions:
sybase15@server:/sybdata2/backup
!> touch test
sybase15@server:/sybdata2/backup
!> ls -l test
-rw-r--r-- 1 sybase15 sybase 0 Mar 21 16:59 test
But bcp out grants different permissions:
sybase15@server:/sybdata2/backup
!> bcp db..table out /sybdata2/backup/table.bcp -Sservername -Uuser -Pxxx -c -t'(¨)' -r'(¯)\n'
Starting copy...
27 rows copied.
Clock Time (ms.): total = 16 Avg = 0 (1687.50 rows per sec.)
sybase15@server:/sybdata2/backup
!> ls -l
-rw-r----- 1 sybase15 sybase 3150 Mar 21 16:42 table.bcp
Any idea?
This was a deliberate change made under CR 683458 in BCP version 15.7 ESD 4, to adopt SAP's more stringent "secure by default" policy.
A new feature has been developed that gives bcp a --filemode option that can be used to specify a less restrictive permission setting. This new feature becomes available in the connectivity 15.7 SP120 and 16.0 GA C1 releases.
Documentation: --filemode Option for isql and bcp
-bret -
Provisioning issues with password changes
I have installed and configured IDM7.1+sp3 with our AS Java portal. Most features seems to work OK, except:
1.1. Changing fullname, display name, address, etc work - but salutation or title info doesn't display correctly (only when language independent).
1.2. Can lock the user - but not unlock.
1.3. Can change password (self service or via Management tab) - but password "disappears" and user can't login again via the UI or directly thru the LogonGUI.
1.4. If the user's password expires, he gets prompted to change it - this change works fine.
After "devouring" all the documentation I could find... I read in the Release Notes the following:
2.1. Users are authenticated by the SAP NetWeaver AS Java (and not by the Identity Center). The password policy of the Identity Center is not used.
= enabling or disabling "password provisioning" in the Password Policy tab makes no difference then?
2.2 The login task does no longer exist since the authentication is done by the SAP NetWeaver AS Java (UME).
= ok I get this part...
2.3 Change of password is handled by SAP NetWeaver AS Java (UME) and the change password task is no longer available.
= so the Password Reset tab is also "pointless"?
2.4 A user's MSKEYVALUE is used as the UME logon ID.
= right
2.5 Password reset is handled by SAP NetWeaver AS Java. See SAP NetWeaver Identity Management Identity Center Implementation Guide – Self-service password reset for details
= (what should I do with this?) I did get this working but stopped with some error about the "encrypt password".
My SAP landscape is pretty standard (no custom fields/attributes) - so the IDM Provisioning framework should work "out of the box" - in my understanding...
Any ideas?
Sorry about the multiple postings - issue with proxy server. Pls ignore/remove the extras.
Hi.
I try to give some answers based on my experience below:
1.1. Changing fullname, display name, address, etc work - but salutation or title info doesn't display correctly (only when language independent).
>> Have you checked that the user has correct language set in Java UME? Also check that in Presentation page of the corresponding Attribute the Display name parameter is set with corresponding languages used.
1.2. Can lock the user - but not unlock.
>> Can you see any errors e.g. in Job Log? Would help to solve the issue
1.3. Can change password (self service or via Management tab) - but password "disappears" and user can't login again via the UI or directly thru the LogonGUI.
>> The reason might be the encryption of the password. Typically the UI should take care of the encrypting the password into MX_ENCRYPTED_PASSWORD attribute, especially when you're implementing tasks like Self Service Password Reset. I've noticed that when I disabled the Enable Password Provisioning option for the Identity Store, I got rid of the error regarding attribute MX_ENCRYPTED_PASSWORD and UI automatic encryption started to work. (In my case two way pwd provisioning is not needed) Otherwise if you have issues with encrypted password in your custom tasks, check whether the value is encrypted and use java script to encrypt the password when reading the value from the UI field and saving it to MX_ENCRYPTED_PASSWORD attribute, if applicable.
Hopefully this helps you even a bit.
Br. Jukka -
Getting error with sudo configuration on solaris 10
Valuable Member,
I have some issue with Sudo configuration on Solaris 10 (Sparc), I installed gcc & libiconv then install sudo package everything done well till I run "./configure" but when I run "make" its giving lots of error ... I am confused what I have to do ... Please tell me what exactly I have to do or what I am missing
---------------------------ERROR CUT-------------------------------------
# make
gcc -c -I. -I. -I/tmp/rsa -O2 -D__EXTENSIONS__ -D_PATH_SUDOERS=\"/etc/sudoers\" -D_PATH_SUDOERS_TMP=\"/etc/sudoers.tmp\" -DSUDOERS_UID=0 -DSUDOERS_GID=0 -DSUDOERS_MODE=0440 check.c
In file included from /usr/include/sys/wait.h:24,
from /usr/include/stdlib.h:22,
from check.c:31:
/usr/include/sys/siginfo.h:259: error: parse error before "ctid_t"
/usr/include/sys/siginfo.h:292: error: parse error before '}' token
/usr/include/sys/siginfo.h:294: error: parse error before '}' token
/usr/include/sys/siginfo.h:390: error: parse error before "ctid_t"
/usr/include/sys/siginfo.h:392: error: conflicting types for `__proc'
/usr/include/sys/siginfo.h:261: error: previous declaration of `__proc'
/usr/include/sys/siginfo.h:398: error: conflicting types for `__fault'
/usr/include/sys/siginfo.h:267: error: previous declaration of `__fault'
/usr/include/sys/siginfo.h:404: error: conflicting types for `__file'
/usr/include/sys/siginfo.h:273: error: previous declaration of `__file'
/usr/include/sys/siginfo.h:420: error: conflicting types for `__prof'
/usr/include/sys/siginfo.h:287: error: previous declaration of `__prof'
/usr/include/sys/siginfo.h:424: error: conflicting types for `__rctl'
/usr/include/sys/siginfo.h:291: error: previous declaration of `__rctl'
/usr/include/sys/siginfo.h:426: error: parse error before '}' token
/usr/include/sys/siginfo.h:428: error: parse error before '}' token
/usr/include/sys/siginfo.h:432: error: parse error before "k_siginfo_t"
/usr/include/sys/siginfo.h:437: error: parse error before '}' token
In file included from /usr/include/sys/procset.h:24,
from /usr/include/sys/wait.h:25,
from /usr/include/stdlib.h:22,
from check.c:31:
/usr/include/sys/signal.h:85: error: parse error before "siginfo_t"
In file included from /usr/include/stdlib.h:22,
from check.c:31:
/usr/include/sys/wait.h:86: error: parse error before "siginfo_t"
In file included from check.c:55:
/usr/include/signal.h:111: error: parse error before "siginfo_t"
/usr/include/signal.h:113: error: parse error before "siginfo_t"
*** Error code 1
make: Fatal error: Command failed for target `check.o'
---------------------END ERROR---------------------------
///Thanks
Mohammed Tanvir
How did you install gcc, I don't think it's working correctly.
There should be a copy of gcc installed with solaris 10 in /usr/sfw/bin.
I suggest you use that one instead.. -
Hi!
One of our customers is using the SNC Client Encryption solution to ensure encryption using SNC (based on Kerberos Technology) for their SAP GUI Dialog connections. They have lots of SAP backends DEV, QAS, PRD all with the SNC Client Encryption SNC Lib installed. The profile parameter snc/identity/as contains the following value: p:CN=SAP/<ServiceAccount>@<DOMAIN>.
Example: p:CN=SAP/[email protected]
The customer is using one AD Service Account "SNCServiceUser" with one registered SPN "SAP/SNCServiceUser" for all systems (yes, this is not recommended... but the case).
Important: All users use group entries in the SAP Logon (saplogin.ini). Means, for SAP logon the SNC name can not be manually configured on the SAP Front End. With group logons, the application server's SNC name is dynamically requested by the message server each time a SAP GUI connection is started. The SNC Name is greyed out in this case as dynamically obtained from the applications servers profile parameter snc/identity/as.
Now our customer implements SAP NetWeaver Single Sign-On 2.0 within his landscape. Based on the Secure Login Server 2.0 (SP3) he likes to use X.509 based authentication to his AS ABAP backends using SAP GUI SNC while others still use SNC Client Encryption.
Replacing the SNC Library on the AS ABAP
The Secure Login Library 2.0 (SP3) has been installed on one of the ABAP systems and the SNC Client Encryption SNC Library (which is based on SSO 1.0) is no longer used, thus we changed the parameter snc/gssapi_lib to point to the new SNC library. We removed the old PSE.ZIP containing the keytab and created the new SAPSNCSKERB.PSE incl. the keytab and proper credentials. To ensure parallel operation, we kept the snc/identity/as value as is = p:CN=SAP/[email protected].
After restarting the system with initialized Secure Login Library 2.0, still the SNC client encryption works fine for existing users.
The problem
We created on the Secure Login Server an SNC certificate for the AS ABAP which has the following X.509 Distinguished Name Format: CN=SAP/[email protected]. This is to avoid having to change the snc/identity/as to a "real" X.509 DN which would lead to non-working SNC Client Encryption for all the other users using SAP GUI and logon groups.
As soon as we install the PSE via STRUST on the system the SNC Client Encryption solution stops working with error „Server refuses kerberos key exchange“.
As part of an pilot implementation we have installed Secure Login Client 2.0 (SP3) on some test PCs. The test PC with SLC is able to perform Single Sign-On with SNC based on X.509 (incl. Encryption) to the ABAP system.
Seems the SAP System now only tries to do X.509 based authentication thus key exchange fails. The problem is, we cannot change the snc/identity/as value because of the logon groups. If we were able to do so, we would in any case set the server identity to X.509 DN and in addition create the SAPSNCSKERB.PSE incl. keytab. This should work, as confirmed by SAP see this post.
Any ideas how to solve this and have both solutions in parallel?
Appreciate any help.
Regards,
Carsten
Hi all,
we were able to fix the issue. It was an issue with the customers cluster configuration and the $SECUDIR variable. This tricky issue leads to non working or sporadic working SNC Client Encryption...
This was how the configuration looks before:
Environment variable $SECUDIR is defined:
"/ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec“
sapgenpse seclogin -l -v
running seclogin with USER="<SID>adm"
Credentials for username '<SID>adm':
0 (LPS:OFF):
(LPS:OFF): /ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCSKERB.pse
1 (LPS:OFF):
(LPS:OFF): /usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCS.pse
After changing the $SECUDIR to "/usr/sap/<SID>/DVEBMGSxx/sec“ and re-creating the credentials, it worked like a charm.
As a result of this we can confirm, this configuration and SNC Client Encryption works with CommonCryptoLib in parallel to the SSO configuration.
And Valerie was right with 2. SLC starting from V. 1.0 SP2 PL3 was able to convert the CN= part of the SNC Name into an SPN, was my mistake. In addition SNC Client Encryption starting from Version 1 SP1 PL1 does this also.. just to make this clear
Thread closed hope this helps someone
Carsten -
Cisco Agent Desktop / Supervisor Desktop Issue with Full Disk Encryption
Has anyone had any issues related to running Cisco Agent Desktop or Cisco Supervisor Desktop on a machine running full disk encryption? Our desktop team installed full disk encryption software from Check Point, and it seems to be causing some issues with call monitoring, screen pops via workflow and connectivity to the UCCX server. It's not affecting every machine (that we know of), but the fix for us right now is to provide a desktop without the encryption software. I'm just wondering if this is related to us, or if there is any supporting documentation out there?
Any help is appreciated.
CAD for IPCCX v4 does not support windows 7. See compatibility matrix:
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_compatibility/matrix/crscomtx.pdf
In my experience if you already have CAD installed and you upgrade the OS (without a fresh rebuild) CAD will work - but it is NOT supported. You should test this though.
You will not be able to install the older version of CAD on windows 7, the installer will give you errors.
Brian
please rate helpful posts -
I m facing a problem with login to solaris 10
at time of login its showing ttymon: tmchild: exec service failed
i m not able to access this machine because of this.
Any one has any solution to this problem?
Originally Posted by jerryrpiper
I have several HP/Compaq computers that are P4 2.4 Ghz with 512 meg of ram on the computers. The issue has to do with login. If I have a user that rebooted the computer and another user will login after that user the computer ask for the local workstation user name and password. I have tried this on my Dell computers and Brand new HP computer's and have no problems with them. Has any one come across this type of problem. This only happens on the S-510 and 530 models.
One thought...: Possibly a old Novell client installed on those models... I remember having an issue with users having to open the advanced login options, goto the windows login box. There the previous logged in user name needed to be cleared and login would be transparent again. -
Any known issues with SQL DB Link Synonyms joining on encrypted columns
Are there any known issues with accessing encrypted columns via a database link that is masked by a synonym?
We are experiencing unexpected results when the encrypted column is anti-joined through a not exists, to a local encrypted column of the same datatype. The encrypted columns are person ids. If the expected person id is hard coded, the results return correctly. The local database is 10.2.0.4.0 and the link is to a 10.2.0.3.0 RAC.
Both enrollments and person_ids, below, are synonyms to the linked tables.
... From table_1 d
where ...
AND NOT EXISTS (SELECT 1
FROM enrollments x,
person_ids p
WHERE x.person_demo = p.person_demo
AND x.rept_inst = d.rept_inst
AND x.demo_time_frame = d.term_deg_grant
AND p.person_id_encrypted = '999999999')
vs.
... From table_1 d
where ...
AND NOT EXISTS (SELECT 1
FROM enrollments x,
person_ids p
WHERE x.person_demo = p.person_demo
AND x.rept_inst = d.rept_inst
AND x.demo_time_frame = d.term_deg_grant
AND p.person_id_encrypted = d.person_id_encrypted)
milazzo74 wrote:
I am having the same problem...
http://www.milazzo.com.br/teste/projetos.php
It works fine in Firefox but loads forever in explorer 8...
The cause of the problem is not the same.
In your case it takes forever to load the thumbnails from flickr.com; the SpryDataSets without the loading of the thumbnails works as expected.
Remember that ALL of the thumbnails for each 60 odd projects are downloaded from flickr, that is about 1800 thumbnails.
Gramps