| This post was kindly contributed by Blogging about all things SAS - go there to comment and to read the full post. |
Had an interesting experience with the new SAS 9.2 environment at a customer site.
We have got SAS 9.2 (actually SAS Grid but thats irrelevant for this post) installed on RedHat 5 Linux. As we are using Linux and not Windows we lose the standard integration with Active Directory. We didn’t want to implement PAM integration with AD (mainly because nobody can articulate clearly all the steps required to get it working).
So we were left with Host authentication. As we only had a few users in this phase thats not so bad, but as we have a few servers (i.e Grid) I really wanted a easy way to avoid creating userid’s on each server.
Aha I thought Ill use internal SAS user id’s and then get the user to inherit a trusted/host user id to run the SAS processes.
So I setup the user in Metadata with an internal id, made sure they didn’t have a standard user identity (i.e username/pwd against DefaultAuth). Also assigned the user to be a member of SAS General Servers (to inherit sassrv, planned to change this when it worked) and for extra fun added a OraAuth with a username/pwd for the Oracle DB and assigned the user as a member of that as well.
So into DI Studio and Information Map Studio as the user using the internal userid/pwd and:
- Connect to metadata – tick
- Access SAS app – tick
- Access and SAS Table – tick
- Run a query – tick
- Access the Oracle table – tick
- Run a query – tick
Now connect using EG 4.3 with same internal userid/pwd and:
- Access metadata – tick
- Access SAS App – nope
mmmmm talk to helpful onsite SAS installer, he could get it to work by adding DefaultAuth in the EG connection in the Auth Domain field. Ok try that and yip all good. So carry on testing.
- Access SAS App – tick
- Access SAS Table – tick
- Run query – tick
- Access Oracle Table – nope
mmmmm get a could not access Auth Domain.
So into some more tesing, worked out you can type what ever you ant in the Auth Domain connection to get this behaviour (i.e x would do the same as DefaultAuth).
As you do we tried all the combinations we could think of, and no cigar. So helpful SAS installer logged tech suport track and just go this back.:
How to Configure SAS Token Authentication
Followed the distructions and wahoo we have lift off.
So it looks like you can’t use the standard Username/Password authentication method if you want to use internal userid’s/passwords and EG 4.3.
But SAS Token Authentication does work.
Now to test all the other options to see if this change effects anything else, oh the joy of testing …..
| This post was kindly contributed by Blogging about all things SAS - go there to comment and to read the full post. |