cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
Mushy
Quartz | Level 8 Mushy
Quartz | Level 8
Go to Solution

Sudo user able to login via Mangement Console in one env but not another

Posted 12-08-2023 06:31 PM (483 views)

Hello,

 

We have a local linux user(amlbatch) that can be sudoed by other users.

We have  added this user in SMC(in all environmnets) and provided the SASAdmin group with default authentication .

when I login to test environmnment via applications such as EG, SMC or DI via amlbatch, I could login with any password or no password.

when I login to staging environmnment  via applications such as EG, SMC or DI via amlbatch, I could NOT login with any password or no password.

could anyone help me in find the reason for this behaviour?

 

Thanks,

Mushy

 

 

 

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Sudo user able to login via Mangement Console in one env but not another

Posted 12-11-2023 10:12 AM (355 views)  |   In reply to Mushy
Normally, when authenticating to the Metadata Server (as you would when logging in to clients), the supplied credentials are passed from the Metadata Server to the host for authentication by way of the sasauth PAM configuration. It would not use sudo to assume the user's identity as on the host, so it sounds like you may have a different PAM configuration on the test and staging environments. Check the contents of /etc/pam.d/sasauth. You can also test this outside of the clients using PROC PERMTEST and examine the sasauth logs to see what is happening.

Using PROC PERMTEST to diagnose UNIX host authentication issues in SAS® 9.2 and later and in SAS® Viya®
https://sas.service-now.com/csm?id=kb_article_view&sysparm_article=KB0036227
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

Reply
2 REPLIES 2
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Sudo user able to login via Mangement Console in one env but not another

Posted 12-11-2023 10:12 AM (356 views)  |   In reply to Mushy
Normally, when authenticating to the Metadata Server (as you would when logging in to clients), the supplied credentials are passed from the Metadata Server to the host for authentication by way of the sasauth PAM configuration. It would not use sudo to assume the user's identity as on the host, so it sounds like you may have a different PAM configuration on the test and staging environments. Check the contents of /etc/pam.d/sasauth. You can also test this outside of the clients using PROC PERMTEST and examine the sasauth logs to see what is happening.

Using PROC PERMTEST to diagnose UNIX host authentication issues in SAS® 9.2 and later and in SAS® Viya®
https://sas.service-now.com/csm?id=kb_article_view&sysparm_article=KB0036227
--
Greg Wootton | Principal Systems Technical Support Engineer
Reply
Mushy
Quartz | Level 8 Mushy
Quartz | Level 8

Re: Sudo user able to login via Mangement Console in one env but not another

Posted 12-16-2023 01:42 PM (316 views)  |   In reply to gwootton
Your answer helped me to fix the problem.
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • ‎12-08-2023 06:31 PM
  • 484 views
  • 1 like
  • 2 in conversation