|
Security
How Hosts Handle Domains
When a user's credentials are authenticated, the domain allows
the user credentials to be further qualified in order to determine an identity on the SAS Metadata Server. However, a user might not need to specify a domain (or machine name) when they logon:
- For Windows host authentication, your host users might or might not specify domains when they log on.
- For host authentication for hosts other than Windows, host users do not typically specify domains when they log on.
Depending on the type of authentication provider, domains are handled as follows:
- Windows Host Authentication
-
For Windows host authentication:
If users specify a domain when they log on, the Windows host returns
that user domain (or machine name if it is a local account) for use in determining an identity on the SAS Metadata Server.
If users do not specify a domain when they log on, the Windows host system handles
the lack of domain as follows:
If the server was started with the AUTHPROVIDERDOMAIN system option to associate a domain with the HOSTUSER,
the Windows host authentication returns this domain for use in determining an identity on the SAS Metadata Server.
If the server was not started with the AUTHPROVIDERDOMAIN system option, the host-authentication provider looks
through all of the domains (searching the local machine first) for a match on the user ID. If a user ID match is found, the associated domain is returned.
Note: On Windows systems, if the AUTHSERVER option associates a domain with the HOSTUSER, the Windows host authentication
returns this domain as the default domain. If both AUTHPROVIDERDOMAIN and AUTHSERVER are specified,
the option that was specified first takes precedence.
- Host Authentication for Hosts Other Than Windows
- For host authentication for hosts other than Windows, users do not typically specify a domain when they logon. However,
the non-Windows host can return a domain for use in determining an identity on the SAS Metadata Server.
If the AUTHPROVIDERDOMAIN option was specified with a domain for the HOSTUSER, the host authentication returns this domain for use in determining
an identity on the SAS Metadata Server.
If the AUTHPROVIDERDOMAIN was not specified, the host authentication does not return a domain.
To understand how you define corresponding logins (fully qualified user IDs, passwords (optional), and authentication domains) for the SAS Metadata Server user and group definitions, see Defining Users, Groups, and Logins on the SAS Metadata Server.
|