topic SAS Support for AIX SMD5 Authentication Algorithm in Administration and Deployment

SAS Support for AIX SMD5 Authentication Algorithm

TBarker — Fri, 17 May 2013 19:11:39 GMT

Does anyone know if SAS can support locally authenticating in AIX using the SMD5 algorithm instead of the default algorithm? Our UNIX admins recently converted to the SMD5 algorithm and as users change their network passwords and they go through the password manager, those users are subsequently being rejected by SAS authentication. If SAS does support the SMD5 algorithm, what does our UNIX admin need to do to make it work?

Re: SAS Support for AIX SMD5 Authentication Algorithm

PaulHomes — Fri, 17 May 2013 23:57:19 GMT

Have you seen SAS Usage Note 43919: Authentication on AIX 6.1 fails ? Could this apply to your situation? Can you say which version of SAS you're using, how you have your SAS authentication configured (PW, PAM, LDAP, etc), and how you have your AIX authentication configured? Can you post a sanitised version of your !SASROOT/utilities/bin/sasauth.conf file? If you follow the usage note link to the Config Guide and look in (for SAS 9.2) Chapter 3 "Post-Installation Configuration for User Authentication and Identification" you will also see how to create a sasauth debug log to help with troubleshooting. Perhaps you could post back any error messages or other clues. The SAS 9.3 version of the config guide for UNIX documents a few AIX specific options too (such as AIX_USE_AUTHENTICATE which looks interesting). In the documentation for the LDAP method it states that "sasauth supports crypt, SHA, and SSHA forms." - I'm not sure if this is the same list for the PW method on AIX but if you contact SAS technical support they should be able to clarify.

Re: SAS Support for AIX SMD5 Authentication Algorithm

TBarker — Tue, 21 May 2013 17:56:12 GMT

Paul, thank you for the response. I've forwarded this info on to our UNIX admin. Hopefully he will find the fix he needs in the config guide. I will post back whether this helps resolve the problem and what specifically worked, in case anyone else encounters this problem in the future.