Previous Page | Next Page

Authentication Mechanisms

Pluggable Authentication Modules (PAM)

PAM (Pluggable Authentication Modules)
Summary A supporting feature that extends UNIX host authentication to recognize an additional provider such as Active Directory. When a SAS server asks its UNIX host to validate a user's credentials, the host sends the user's ID and password to the configured additional provider for verification.1
Scope Affects all SAS servers that run on the UNIX host and rely on the host operating system to authenticate users. Typically, the metadata server and the workspace server use host authentication.
Benefits Can be used to enable users to use their Windows accounts to authenticate to a metadata server or workspace server that run on UNIX.
Limits
  • Not an alternative to storing user IDs in the metadata (that requirement applies to all configurations).

  • You can't use Integrated Windows authentication with this method. The SAS implementation of IWA is only for servers that run on Windows.

Use Optional
1 PAM extends the host's authentication process to recognize an additional provider; PAM doesn't modify the metadata server's behavior.

This mechanism is useful if both the metadata server and the workspace server are on UNIX and you want users to use Windows accounts to access these servers.

This mechanism can also be useful if one of these servers is on Windows, the other is on UNIX, and you want to avoid credential prompts for the workspace server. However, if you use PAM to resolve a mixed provider situation, users who access the workspace server must have two logins. One login should include the user's ID in its qualified form. The other login should include the same ID in short (unqualified) form. Both logins should be in the DefaultAuth authentication domain. Neither login should include a password. For example, a user's logins might look like this:

DefaultAuth | WIN\joe | (no password)
DefaultAuth | joe     | (no password)

For configuration instructions, see the Configuration Guide for SAS 9.2 Foundation for UNIX Environments at support.sas.com/installcenter.

See Also

Direct LDAP Authentication

Mixed Providers

Previous Page | Next Page | Top of Page