Enterprise Guide 4.3, Making it work with SAS Internal Userid’s

Had an interesting experience with the new SAS 9.2 environment at a customer site.

We have got SAS 9.2 (actually SAS Grid but thats irrelevant for this post) installed on RedHat 5 Linux.  As we are using Linux and not Windows we lose the standard integration with Active Directory.  We didn’t want to implement PAM integration with AD (mainly because nobody can articulate clearly all the steps required to get it working).

So we were left with Host authentication. As we only had a few users in this phase thats not so bad, but as we have a few servers (i.e Grid) I really wanted a easy way to avoid creating userid’s on each server.

Aha I thought Ill use internal SAS user id’s and then get the user to inherit a trusted/host user id to run the SAS processes.

So I setup the user in Metadata with an internal id, made sure they didn’t have a standard user identity (i.e username/pwd against DefaultAuth).  Also assigned the user to be a member of SAS General Servers (to inherit sassrv, planned to change this when it worked) and for extra fun added a OraAuth with a username/pwd for the Oracle DB and assigned the user as a member of that as well.

So into DI Studio and Information Map Studio as the user using the internal userid/pwd and:

  • Connect to metadata – tick
  • Access SAS app – tick
  • Access and SAS Table – tick
  • Run a query – tick
  • Access the Oracle table – tick
  • Run a query – tick

Now connect using EG 4.3 with same internal userid/pwd and:

  • Access metadata – tick
  • Access SAS App – nope

mmmmm talk to helpful onsite SAS installer, he could get it to work by adding DefaultAuth in the EG connection in the Auth Domain field.  Ok try that and yip all good.  So carry on testing.

  • Access SAS App – tick
  • Access SAS Table – tick
  • Run query – tick
  • Access Oracle Table – nope

mmmmm get a could not access Auth Domain.

So into some more tesing, worked out you can type what ever you ant in the Auth Domain connection to get this behaviour (i.e x would do the same as DefaultAuth).

As you do we tried all the combinations we could think of, and no cigar.  So helpful SAS installer logged tech suport track and just go this back.:

How to Configure SAS Token Authentication

Followed the distructions and wahoo we have lift off.

So it looks like you can’t use the standard Username/Password authentication method if you want to use internal userid’s/passwords and EG 4.3.

But SAS Token Authentication does work.

Now to test all the other options to see if this change effects anything else, oh the joy of testing …..

 

 

 

 

 

Share
Tags:    

2 Responses to Enterprise Guide 4.3, Making it work with SAS Internal Userid’s

  1. Dewyatt Stanfield on April 7, 2011 at 7:51 am

    Just a quick note here – we have SAS working with PAM authentication and it’s really pretty simple to do.

    First you need to get your OS authenticating to a pam type authentication setup – different OSes have different setups. We have Solaris 10 and we use Centrify for this, but others such as redHat and Ubunto have their own and work quite well.

    Then the trick is that SAS only cares about it’s own sasauth.conf file (located at /SASFoundation/9.2/utilities/bin). Change the default methods of pw to read pam pw, like so

    methods=pam pw

    Change that, restart everything and you can use pam for authentication now in SAS 9.2. You still have to have users defined in metadata and you still have to have the id in the metadata user match the pam id.

  2. Shane Gibson on April 7, 2011 at 3:50 pm

    Thanks for the great comment! Ill let you know how we go.

Leave a Reply

Your email address will not be published. Required fields are marked *

*