Hi all,
we was able to fix the issue. It was an issue with the customers cluster configuration and the $SECUDIR variable. This tricky issue leads to non working or sporadic working SNC Client Encryption...
This was how the configuration looks before:
Environment variable $SECUDIR is defined:
"/ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec“
sapgenpse seclogin -l -v
running seclogin with USER="<SID>adm"
Credentials for username '<SID>adm':
0 (LPS:OFF):
(LPS:OFF): /ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCSKERB.pse
1 (LPS:OFF):
(LPS:OFF): /usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCS.pse
After changing the $SECUDIR to "/usr/sap/<SID>/DVEBMGSxx/sec“ and re-creating the credentials, it worked like a charm.
As a result of this we can confirm, this configuration IS SUPPORTED and SNC Client Encryption works with CommonCryptoLib in parallel to the SSO configuration.
And Valerie was right with 2. SLC starting from V. 1.0 SP2 PL3 was able to convert the CN= part of the SNC Name into an SPN, was my mistake. In addition SNC Client Encryption starting from Version 1 SP1 PL1 does this also.. just to make this clear
Thread closed hope this helps someone
Carsten