Host Authentication (Credential-Based)
|
A client supplies an
external user ID and password to a SAS server. The SAS server passes
the credentials to its host for authentication.
Note: Another form of host authentication,
Integrated Windows authentication (IWA), is documented separately.
|
|
-
Primarily used for direct connections
to the metadata server or OLAP server.
-
Not used for metadata-aware connections
to the OLAP server or stored process server.
-
Sometimes used for connections
to the workspace server.
|
|
No configuration is
required. Can enable users to log on to SAS applications with the
same credentials that they use in your general computing environment.
|
|
-
On a workspace server on Windows,
requires that users have the Windows privilege Log on
as a batch job.
-
Involves passing user IDs and passwords
across the network.
|
|
|
The following figure shows one example of how this mechanism
works:
The numbers in the figure
correspond to these actions:
-
The client obtains the
user's ID and password (interactively or through credential management).
The client sends those credentials to the target server.
-
The server passes the
credentials to its host for authentication.
-
The host passes the
credentials to its authentication provider.
-
After verifying that
the user ID and password correspond to a valid account, the host's
authentication provider returns the user's ID to the host.
-
The host returns the
user's ID to the SAS server.
-
The server accepts the
client connection.