|
Security
Overview of Domains
Within the host environment, SAS Open Metadata Architecture, and SAS Integration Technologies security, there
are two types of domains used in basic security implementations. In addition, there
is a third type of domain that is used for alternate authentication providers.
In some cases, the domains names might be identical; however, it is important
to distinguish between these different types of domains for the case where your
implementation might require the different types of domains to be specified as different domain names.
- Security domains used by or associated with an authentication provider
- You can do both of the following:
define domains within the Windows operating system. For example, CARY and APEX.
when starting a server, specify a default domain to be used as the default security domain for the host operating system.
For example, you might specify a default security
domain APEX for the UNIX operating system; when a user connects without a domain,
the domain APEX is used to locate the correct fully qualified user ID (in a login definition) on the SAS Metadata Server. For details, see Specifying Default Host Domains.
- Authentication domains specified in the SAS Metadata Server resource definitions
- Within the SAS Open Metadata Architecture, the authentication domain is a logical grouping that associates resources and logins (user credentials) together.
An individual can use the same fully qualified user ID for any of the resources in the authentication domain.
- Authentication provider domain
- If you use an alternative authentication provider (such as LDAP or Microsoft Active Directory), you must specify an authentication provider domain
in the user connection request.
To authenticate to an alternative authentication provider (LDAP or Microsoft Active Directory), the connection request must
specify an authentication provider domain that has been associated (on the server startup command
AUTHPD option)
with that authentication provider. For example, APEX\user@LDAP , where LDAP
is the authentication provider domain.
For details, see Specifying Authentication Provider and Default Domains.
|