https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/980745#M30508 <P>Hi&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/78975">@gwootton</a>&nbsp;</P> <P>&nbsp;</P> <P>Just thought of something... if I just configure "http" Kerberos authentication then I assume I do <EM>not</EM> need to enable any kind of delegation at all for the HTTP principal. What do you think?</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 14 Dec 2025 11:48:36 GMT EyalGonen 2025-12-14T11:48:36Z https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/968088#M30024 <P>Hi experts,</P> <P>&nbsp;</P> <P>I am reading the doc for SAS Viya LTS 2024.09 about configuring Kerberos and something is not clear to me.</P> <P>I need to configure Kerberos just for inbound SAS Logon Manager and no outbound Kerberos to any data source - that is only for SAS Visual Analytics and SAS Studio users with no access to any external services/data sources.</P> <P>&nbsp;</P> <P>So, do I need to copy and modify only the sas-bases/examples/kerberos/<STRONG>http</STRONG> folder to site-config or do I need to also copy and modify&nbsp;sas-bases/examples/kerberos/<STRONG>sas-servers</STRONG> folder too?</P> <P>&nbsp;</P> <P>My doubt raises from the fact that it is my understanding that Kerberos is used only for inbound and outbound but not for internal authentication within SAS Viya so hence my confusion about whether the "sas-servers" folders is needed to be used or only the "http" folder is enough.</P> Wed, 04 Jun 2025 11:23:39 GMT https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/968088#M30024 EyalGonen 2025-06-04T11:23:39Z https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/969231#M30070 I think you'd only need to do http if you're just using Kerberos for SASLogon authentication and not for authenticating to downstream services. This would fall under "Configuring Kerberos Single Sign-On for the SAS Viya Platform" in the README.md in that http directory. Tue, 17 Jun 2025 20:13:10 GMT https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/969231#M30070 gwootton 2025-06-17T20:13:10Z https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/980745#M30508 <P>Hi&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/78975">@gwootton</a>&nbsp;</P> <P>&nbsp;</P> <P>Just thought of something... if I just configure "http" Kerberos authentication then I assume I do <EM>not</EM> need to enable any kind of delegation at all for the HTTP principal. What do you think?</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 14 Dec 2025 11:48:36 GMT https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/980745#M30508 EyalGonen 2025-12-14T11:48:36Z https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/980790#M30510 I believe you are correct, no delegation would be needed if you're only authenticating to Viya and not expecting that authentication to then be used to authenticate to anything else. Mon, 15 Dec 2025 14:03:54 GMT https://communities.sas.com/t5/Administration-and-Deployment/Question-regarding-configuration-of-Kerberos-for-SAS-Logon/m-p/980790#M30510 gwootton 2025-12-15T14:03:54Z