At startup, the Trillium SAP Client logs on to SAP to retrieve the data dictionary structure definitions that are used in the interface of the RFC function calls from SAP to Trillium. After retrieving these structure definitions, the Trillium SAP Client logs off of SAP, registers itself with the SAP Gateway, and waits for RFC requests from SAP. The gateway registration process does not require a user ID and password. However, the brief initial logon to retrieve the structure definitions does require a user ID and password. By default, the Trillium SAP Client logs on to SAP with a user ID and clear text password which are configured in the trilSAP.cfg file.
In most cases, the SAP system can be reasonably protected by limiting the authorizations of the user ID that is used to retrieve the structure definitions and making this user a “communications user.” You should also use operating system security measures to deny read access to the trilSAP.cfg file for all users except the user who runs the Trillium processes. In situations where these security measures are insufficient and clear text passwords are absolutely forbidden, SAP Secure Network Communications (SNC) can be used to enable certificate-based logon.
While the examples used in this section show the configuration of SAP SNC on Windows, the SNC library can be used on any SAP supported platform.