gw/reg_info

Parameter

gw/reg_info

Short text

External security filename for gateway

Parameter Description

This parameter can be used to prevent the unauthorized registration of external programs. To do this, maintain the file reginfo in the data directory of the gateway instance.

If the file exists, the system searches it for valid registration entries. If it does not exist, the system searches the gw/sec_info file, as before.

Using the reginfo file makes it possible to define the entries better than before.

The syntax of the entries in this file is as follows:

TP=[tp] [HOST=[hostname]] [NO=[n]] [ACCESS=[hostname,…]] [CANCEL=[hostname,…]]

Certain programs can be allowed to register from an external host by specifying the relevant information.

Valid TP name:

No restriction : *

TP name : foo

Start of name : foo*

Valid host name:

No restriction : *

Host name : sapprod (for example)

IP address: 192.1.1.3

Domain : *.sap.com

Subnet address : 192.1.1.*

Examples of valid entries

TP=* : All registrations allowed

HOST=* TP=foo* : All registrations that start with foo, but not f or fo

HOST=*.sap.com TP=* : All registrations from domain *.sap.com are allowed

If the TP name is specified without wildcards, the number of registrations allowed can be specified too.

Example

HOST=* TP=foo NO=1, meaning that only one program can be registered with the name foo. All other attempts to register a program with this name are rejected.

To control access from the client side too, you can define an access list for each entry. This is a list of host names that must comply with the rules above. However, '*' is not allowed. If no access list is specified, the program can be used from any client. The local gateway where the program is registered always has access.

What is important here is that the check is made on the basis of hosts and not at user level.

For example: HOST=* TP=foo ACCESS=*.sap.com

Program foo can only be used by hosts from domain *.sap.com. Access attempts coming from a different domain will be rejected.

The CANCEL list can be used to define whether other clients can terminate the registered program. The same rules apply for this list as for HOST or ACCESS.

For example: HOST=* TP=foo ACCESS=*.sap.com CANCEL=*.wdf.sap.corp

Program foo can only be terminated by clients that have logged on from domain wdf.sap.corp.
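
The following added example (not SAP code and not the gateway's own matching logic) parses entries in the syntax above and reports entries that are broader than intended or that break the stated rules. It assumes that an omitted HOST means no restriction, as in the TP=* example, and that matching is purely textual with no name resolution; the sample file content and all function names are constructed for illustration.

```python
import re

# Constructed sample reginfo content, built from the entry forms shown on this page.
SAMPLE = """\
TP=*
HOST=* TP=foo*
HOST=*.sap.com TP=*
HOST=* TP=foo NO=1
HOST=* TP=foo ACCESS=*.sap.com CANCEL=*.wdf.sap.corp
HOST=sapprod TP=foo* NO=2 ACCESS=*
"""
LIST_KEYS = {"ACCESS", "CANCEL"}  # keys whose value is a comma-separated host list

def parse_entry(line):
    """Split 'KEY=value ...' into a dict; ACCESS and CANCEL become lists."""
    entry = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"token without '=': {token!r}")
        entry[key.upper()] = value.split(",") if key.upper() in LIST_KEYS else value
    return entry

def wildcard_match(pattern, value):
    """Only '*' is a wildcard (foo*, *.sap.com, 192.1.1.*); the rest is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def registration_allowed(entry, tp, host):
    """Would this entry admit program `tp` registering from `host`?
    Assumption: omitted HOST means '*'; host names compare case-insensitively."""
    return (wildcard_match(entry.get("TP", ""), tp) and
            wildcard_match(entry.get("HOST", "*").lower(), host.lower()))

def audit_entry(entry):
    """Findings for one entry, based only on the rules stated on this page."""
    tp, findings = entry.get("TP", ""), []
    if tp == "*":
        findings.append("any program name may register")
    if entry.get("HOST", "*") == "*":
        findings.append("registration allowed from any host")
    if "NO" in entry and "*" in tp:
        findings.append("NO requires a TP name without wildcards")
    if "*" in entry.get("ACCESS", []):
        findings.append("'*' is not allowed in the ACCESS list")
    if "ACCESS" not in entry:
        findings.append("no ACCESS list: usable from any client")
    return findings

def audit(text):
    """Map line number to findings for every non-empty line."""
    return {n: audit_entry(parse_entry(line))
            for n, line in enumerate(text.splitlines(), 1) if line.strip()}
```

Calling audit(SAMPLE) returns a dictionary keyed by line number, so the findings can be reviewed against the file before it is placed in the gateway's data directory.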

Application Area

Gateway

Parameter Unit

File

Default Value

[Data directory]/reginfo

Who is permitted to make changes?

Customer

Operating System Restrictions

None

Database System Restrictions

None

Are other parameters affected or dependent?

None

Values allowed

File name
