SAS 9.1.3 Integration Technologies » Server Administrator's Guide

Implementing Authentication

Host Authentication

Setting the System Permissions on:

	Windows NT
	Windows 2000
	Windows XP
	UNIX

Specifying Default Host Domains

How Hosts Handle Domains

Trusted Authentication Mechanisms

Alternative Authentication Providers

	Specifying Authentication Providers and Domains
	How Servers Determine the Authentication Provider
	Scenario

Prev | Next | Contents

Security

How Hosts Handle Domains

When a user's credentials are authenticated, the domain allows the user credentials to be further qualified in order to determine an identity on the SAS Metadata Server. However, a user might not need to specify a domain (or machine name) when they logon:

For Windows host authentication, your host users might or might not specify domains when they log on.
For host authentication for hosts other than Windows, host users do not typically specify domains when they log on.

Depending on the type of authentication provider, domains are handled as follows:

Windows Host Authentication

For Windows host authentication:

If users specify a domain when they log on, the Windows host returns that user domain (or machine name if it is a local account) for use in determining an identity on the SAS Metadata Server.
If users do not specify a domain when they log on, the Windows host system handles the lack of domain as follows:
- If the server was started with the AUTHPROVIDERDOMAIN system option to associate a domain with the HOSTUSER, the Windows host authentication returns this domain for use in determining an identity on the SAS Metadata Server.
- If the server was not started with the AUTHPROVIDERDOMAIN system option, the host-authentication provider looks through all of the domains (searching the local machine first) for a match on the user ID. If a user ID match is found, the associated domain is returned.
Note: On Windows systems, if the AUTHSERVER option associates a domain with the HOSTUSER, the Windows host authentication returns this domain as the default domain. If both AUTHPROVIDERDOMAIN and AUTHSERVER are specified, the option that was specified first takes precedence.

Host Authentication for Hosts Other Than Windows

For host authentication for hosts other than Windows, users do not typically specify a domain when they logon. However, the non-Windows host can return a domain for use in determining an identity on the SAS Metadata Server.

If the AUTHPROVIDERDOMAIN option was specified with a domain for the HOSTUSER, the host authentication returns this domain for use in determining an identity on the SAS Metadata Server.
If the AUTHPROVIDERDOMAIN was not specified, the host authentication does not return a domain.

To understand how you define corresponding logins (fully qualified user IDs, passwords (optional), and authentication domains) for the SAS Metadata Server user and group definitions, see Defining Users, Groups, and Logins on the SAS Metadata Server.