3000930 - How to Switch Encryption Type from default rc4-hmac to AES256-SHA1 for Kerberos SSO to SAP HANA DB using Microsoft Windows Active Directory

Symptom

You are able to configure Kerberos SSO to SAP HANA DB using Microsoft Windows Active Directory with default encryption type rc4-hmac but you want to implement a safer encryption type, e.g. AES256-SHA1
You try to change the encryption type but you encounter one of following error message when you verify it with "python hdbkrbconf.py –v –V"

kinit: KDC has no support for encryption type while getting initial credentials

kvno: Wrong principal in request while decrypting ticket for <hdb/myhdbserver.mydomain.com@MYDOMAIN.COM>

Image /data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

HANA 1.0
HANA 2.0
Windows Server 2008 and higher (where strong encryption using AES 128/256 was introduced)

Product

SAP HANA 1.0, platform edition ; SAP HANA, platform edition 2.0

Keywords

KBA , HAN-DB-SEC , SAP HANA Security & User Management , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.