If you use the UNIX SAS^® authentication server sasauth on AIX to authenticate users using a blank or empty password, the server might become unresponsive.

Explanatory messages should be, but are not, written to the sasauth-debug.log file.

Select the Hot Fix tab in this Note to access the hot fix for this problem.

With the hot fix applied, the following enhanced behavior occurs:

• The SASFoundation/9.3/utilities/bin/sasauth.conf file includes a new option that enables rejection of zero-length passwords.
• If logging is enabled, explanatory messages are written to the log.
• Passwords from external stores (LDAP, AD) are rejected if expired.

NOTE: The hot fix replaces the file <SASHOME>SASFoundation/9.3/utilties/bin/sasauth.conf, so any changes that you have made to this file (changes to the METHODS= parameter, or to logging parameters) will be lost.
For this reason, you must create a backup of the file before you apply the hot fix.
Once the hot fix is applied, edit the new version of the sasauth.conf file to restore any previous customizations.

Do not overwrite the new version of the sasauth.conf file with the previous version.
The hot fix adds new option settings to the sasauth.conf file. These options are needed to exploit the additional features of the replacement sasauth module.

Operating System and Release Information

A fix for this issue for Base SAS 9.21_M3 is available at:

A fix for this issue for SAS Threaded Kernel Secure 9.3_M2 is available at: