AUTHPROVIDERDOMAIN System Option

Associates a domain suffix with an authentication provider.
Valid in: Configuration file, SAS invocation
Category: Environment control: Initialization and operation
PROC OPTIONS GROUP= EXECMODES
Alias: AUTHPD
Note: This option can be restricted by a site administrator. For more information, see Restricted Options.

Syntax

In Windows and z/OS operating environments:
AUTHPROVIDERDOMAIN provider : domain
AUTHPROVIDERDOMAIN (provider-1 : domain-1<, …provider-n : domain-n> )
In UNIX operating environments:
AUTHPROVIDERDOMAIN \(provider-1 : domain-1<, …provider-n : domain-n> \)

Syntax Description

provider
specifies the authentication provider that is associated with a domain. The following are valid values for provider:
ADIR
specifies that the authentication provider be a Microsoft Active Directory server that accepts a bind containing user names and passwords for authentication.
HOSTUSER
specifies that user names and passwords be authenticated by using the authentication processing that is provided by the host operating system.
Windows specifics: Under the Windows operating environment, assigning the authentication provider using the HOSTUSER domain is the same as assigning the authentication provider using the AUTHSERVER system option. You might want to use the AUTHPROVIDERDOMAIN system option when you specify multiple authentication providers.
LDAP
specifies that the authentication provider use a directory server to specify the bind distinguished name (BINDDN) and a password for authentication.
domain
specifies a site-specific domain name. Quotation marks are required if the domain name contains blanks.

Details

SAS is able to provide authentication of a user through the use of many authentication providers. The AUTHPROVIDERDOMAIN= system option associates a domain suffix with an authentication provider. This association enables the SAS server to choose the authentication provider by the domain name that is presented.
When a domain suffix is not specified or the domain suffix is unknown, authentication is performed on the user ID and password by the host operating system.
Parentheses are required when you specify more than one set of provider : domain pairs.
The maximum length for the AUTHPROVIDERDOMAIN option value is 1,024 characters.
To use the Microsoft Active Directory or LDAP authentication providers, these environment variables must be set in the server or spawner startup script:
  • Microsoft Active Directory Server:
    • AD_PORT=Microsoft Active Directory port number
    • AD_HOST=Microsoft Active Directory host name
  • LDAP Server:
    • LDAP_PORT=LDAP port number
    • LDAP_BASE=base distinguished name
    • LDAP_HOST=LDAP host name
  • LDAP Server for users connecting with a user ID instead of a distinguished name (DN):
    • LDAP_PRIV_DN=privileged DN that is allowed to search for users
    • LDAP_PRIV_PW=LDAP_PRIV_DN password
      Note: If the LDAP server allows anonymous binds, then LDAP_PRIV_DN and LDAP_PRIV_PW are not required.
In addition to setting these environment variables, you can set the LDAP_IDATTR environment variable to the name of the person-entry LDAP attribute that stores the user ID if the attribute does not contain the default value of uid.

Example

The following examples show you how to specify the AUTHPROVIDERDOMAIN option:
  • -authpd ldap:sas causes the SAS server to send credentials for users who log on as anything@sas to LDAP for authentication.
  • -authpd adir:sas causes the SAS server to send credentials for users who log on as anything@sas to Active Directory for authentication.
  • -authproviderdomain (hostuser:'my domain', ldap:sas) causes the SAS server to send credentials for users who log on as the following:
    • When a user logs on as anything@'my domain', authentication is provided by the operating system authentication system
    • When a user logs on as anything@sas, authentication is provided by LDAP
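The following pre-deployment check is an added example, not SAS code: it parses an AUTHPROVIDERDOMAIN value, reports which provider a given login is routed to (including the fallback to host authentication for a missing or unknown suffix), and lists the startup-script environment variables that are still unset. The function names, the case-insensitive suffix comparison, and the split on the last @ are assumptions made for this example.

```python
import re

VALID = {"ADIR", "HOSTUSER", "LDAP"}            # provider values listed on this page
REQUIRED_ENV = {                                 # startup-script variables per provider
    "ADIR": ("AD_PORT", "AD_HOST"),
    "LDAP": ("LDAP_PORT", "LDAP_BASE", "LDAP_HOST"),
    "HOSTUSER": (),
}
# provider : domain, where a domain containing blanks must be quoted
PAIR = re.compile(r"""\s*(\w+)\s*:\s*(?:'([^']+)'|"([^"]+)"|([^\s,'"]+))\s*""")

def parse_authpd(value):
    """Return {domain: provider} for an AUTHPROVIDERDOMAIN value, or raise ValueError."""
    if len(value) > 1024:
        raise ValueError("option value exceeds 1,024 characters")
    text = value.strip()
    wrapped = text.startswith("(") and text.endswith(")")
    if wrapped:
        text = text[1:-1]
    mapping, pairs, pos = {}, 0, 0
    while True:
        m = PAIR.match(text, pos)
        if not m:
            raise ValueError(f"malformed provider:domain pair at offset {pos}")
        provider = m.group(1).upper()
        if provider not in VALID:
            raise ValueError(f"unknown provider {provider!r}")
        # Assumption: domain suffixes are compared case-insensitively.
        mapping[(m.group(2) or m.group(3) or m.group(4)).lower()] = provider
        pairs, pos = pairs + 1, m.end()
        if pos == len(text):
            break
        if text[pos] != ",":
            raise ValueError(f"expected ',' at offset {pos}")
        pos += 1
    if pairs > 1 and not wrapped:
        raise ValueError("parentheses are required for more than one pair")
    return mapping

def provider_for(login, mapping):
    """Provider that handles a login; a missing or unknown suffix goes to the host OS."""
    _, sep, suffix = login.rpartition("@")      # assumption: suffix follows the last @
    return mapping.get(suffix.strip("'\"").lower(), "HOSTUSER") if sep else "HOSTUSER"

def missing_env(mapping, env):
    """Required variables that are unset or empty for the providers in use."""
    needed = {var for p in mapping.values() for var in REQUIRED_ENV[p]}
    return sorted(var for var in needed if not env.get(var))
```

Running provider_for over a sample of real login names before rollout shows which accounts would be authenticated by the host operating system because of a mistyped or unmapped suffix.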
