SAS 9.1.3 Integration Technologies » Server Administrator's Guide


Implementing Authentication
Host Authentication
Setting the System Permissions on:
Windows NT
Windows 2000
Windows XP
UNIX
Specifying Default Host Domains
How Hosts Handle Domains
Trusted Authentication Mechanisms
Alternative Authentication Providers
Specifying Authentication Providers and Domains
How Servers Determine the Authentication Provider
Scenario
Security

Specifying Default Host Domains When Starting Servers That Only Use Host Authentication

When you start a server, or a spawner that starts a server, you can use the AUTHPROVIDERDOMAIN startup option to associate a domain with the host authentication provider. (To understand the different types of domains used in the host environment, Open Metadata Architecture, and SAS Integration Technologies security, refer to Overview of Domains). When a user connects to the server without a domain, the server can use the domain association to determine a domain.

  • On all hosts, when you associate a domain with the host authentication provider, if a user does not specify a domain in their credentials, the associated domain is used. For example, you might specify a default security domain APEX for the UNIX operating system; when a user connects without a domain, the domain APEX is used to locate the correct fully qualified user ID (in a login definition) on the SAS Metadata Server.

  • On hosts other than Windows, when you associate a domain with the host authentication provider, if a user specifies that domain with their credentials, the domain is removed from the credentials and the credentials are authenticated using the host authentication provider. If the user specifies a domain that is not the associated domain, the host authentication provider will not be able to authenticate the user.

    When you specify a domain for hosts other than Windows, you allow multiple hosts to have their login definitions appear as identical. For example, when starting the servers xyz.iyi.abc.com and xyz2.iyi.abc.com, you can use the AUTHPROVIDERDOMAIN option to assign the domain name "abcunix". When users log on to either server, the domain will be returned and their user ID will look identical because both servers use the same domain name (for example, "abcunix\abcmktg").

To associate a domain with the host authentication provider, on the SAS server or spawner startup command, specify the AUTHPROVIDERDOMAIN system option and associate a domain suffix with the host (HOSTUSER) authentication provider.

If you are only using host authentication to authenticate users that access the server, the AUTHPROVIDERDOMAIN option has the following syntax:

authproviderdomain HOSTUSER:domain
HOSTUSER
specifies that user IDs and passwords are authenticated by using the authentication processing that is provided by the host operating system.
domain
specifies a site-specific domain name. Quotation marks are required if the domain value contains blanks.

Note: The maximum length for the AUTHPROVIDERDOMAIN option value is 1,024 characters.

Note: In Windows operating environments, you can specify a authentication provider domain using either the AUTHPROVIDERDOMAIN system option or the AUTHSERVER system option. If both AUTHPROVIDERDOMAIN and AUTHSERVER are specified, the option that was specified first takes precedence.