All,
The details given in the setup of SPnego for ABAP from this series videos assumes one APP/CI server:
http://scn.sap.com/docs/DOC-40178
The videos Only assumes one APP/CI server, and puts all the SNC/SPnego profile params in the INSTANCE profile. It also puts the Secure Login Library files in the /usr/sap/{SID}/{INSTANCE}/SLL directory.
So what if you have one CI/app and one pure app server? so would it be OK to put them in /sapmnt/{SID}/SLL? that is shared across CI/APP, of course the profile param would have to reflect that. or does it even matter when app servers are involved?
Would it be OK to put all the SNC/SPnego profile params in the DEFAULT.PFL ? SO then you would not have to enter them multiple times?
Also, when you execute the commands to create the keytab
{SLLDIR}/sapgenpse keytab -p SAPSNCSKERB.pse -a MYAD-ID@MYDOMAIN.COM
MUST you do the keytab stuff at the OS level twice? once for the APP/CI OS/server and once again on each pure app server?
our $SECUDIR is different depending on the CI and APP server:
/usr/sap/{SID}/DVEBMGS00/sec
/usr/sap/{SID}/D00/sec
Or would one time, for the CI/APP do this trick?
Hope that makes sense.
NICK