 |
|
| Authentication Mechanisms |
Pluggable Authentication Modules (PAM)
| Summary | A supporting feature that extends UNIX host authentication to recognize an additional provider such as Active Directory. When a SAS server asks its UNIX host to validate a user's credentials, the host sends the user's ID and password to the configured additional provider for verification.1 |
| Scope | Affects all SAS servers that run on the UNIX host and rely on the host operating system to authenticate users. Typically, the metadata server and the workspace server use host authentication. |
| Benefits | Can be used to enable users to use their Windows accounts to authenticate to a metadata server or workspace server that run on UNIX. |
| Limits |
|
| Use | Optional |
| 1 PAM extends the host's authentication process to recognize an additional provider; PAM doesn't modify the metadata server's behavior. | |
This mechanism is useful if both the metadata server and the workspace server are on UNIX and you want users to use Windows accounts to access these servers.
This mechanism can also be useful if one of these servers is on Windows, the other is on UNIX, and you want to avoid credential prompts for the workspace server. However, if you use PAM to resolve a mixed provider situation, users who access the workspace server must have two logins. One login should include the user's ID in its qualified form. The other login should include the same ID in short (unqualified) form. Both logins should be in the DefaultAuth authentication domain. Neither login should include a password. For example, a user's logins might look like this:
DefaultAuth | WIN\joe | (no password) DefaultAuth | joe | (no password)
For configuration instructions, see the Configuration Guide for SAS 9.2 Foundation for UNIX Environments at support.sas.com/installcenter.
See Also
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.