Kerberos(SSO): throw RC4 away, adopt AES !
Hello, We can find on "SAP Community" site many nice tutorials explaining how to configure "Windows AD" authentication + SSO. Some of them are quite old or are recent copies from parts of old ones. In...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Petit, Thank you providing this information. I have implemented this in my test environment and no issues so far. My environment details: AP/BO BI4.1 SP6 + AES-256 for Kerberos on 2012 R2: If you are...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hello, Yes, good idea since it is not actually a question but a best pratice and even a strong recommendation. Please quote this message in the Blog post and put here a link to the Blog post . Thanks....
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hi Stéphane I have included the link to this discussion and mentioned any credits about this topic should be awarded to you. It is still waiting for moderators approval.
View ArticleClik here to view.
Re: Kerberos(SSO): throw RC4 away, adopt AES !
Hi, Thanks for credits. Did you write a full tutorial explaining what options to tick or untick in the properties of the service account used to run BO & Tomcat ? Example:Thanks for your work ! I...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
I din't include this information. I havn't heared anything for moderators yet, if you have time try submitting new blog post of document with detail instructions. I will let you know if there is any...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hi Bharath, Could you please inform whether the blog you mentioned has been approved and published yet? It would be interesting to know whether AES is the way to go, going ahead and what changes are...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hi, basically this is absolutley true and BI 4.1 is working with AES. You have to know that the Windows AD of a customer is a grown Application. Most of these (nearly all) where once based on Windows...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hi Seb, Thanks a lot for the confirmation. So we shall indeed proceed with AES as a best-practice in the future. Regards,Tejaswini
View ArticleClik here to view.
Re: Kerberos(SSO): throw RC4 away, adopt AES !
Stéphane,Why not write the blog yourself? You practically did so with this post. Cheers,Matt
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
what about Ktpas command ? ktpass -out bosso.keytab -princ biservice@DOMAIN.INTERNAL -pass Password1 -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NTreplace RC4-HMAC-NT with...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hi! I'd use AES256-SHA1 (employs AES256-CTS-HMAC-SHA1-96 encryption.) or AES128-SHA1 (employs AES128-CTS-HMAC-SHA1-96 encryption.) (source: Ktpass) Stéphane
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Stéphane, when you set up windwos AD on 2012 Server where did you place bscLogin.conf and krb5.ini files ? the root of C:\ and system directory structures, including c:\windows are protected by...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hi, The path is specified in Java Options : -Djava.security.auth.login.config=C:\Windows\bsclogin.conf-Djava.security.krb5.conf=C:\Windows\krb5.ini Did you try to put the right path to the folder...
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
when you say java 6,7 and 8 is it regualr java which is installed in C drive ? or java comes with Data services for tomcat ?
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hello, It's the Java used by BO. What exact release of BO are you using ? The Java release packaged with BO BI 4.1 SP7 is Java 7 but it is possible to use Java 8 (not packaged with BO). Regards, Stéphane.
View ArticleRe: Kerberos(SSO): throw RC4 away, adopt AES !
Hello All, Use this document to configure SSO SSO Configuration with Active Directory SAP Business Objects 4.2 (AES Encryption) Regards,Yogesh
View Article
