01-30-2012 09:56 AM
We have a number of new non-technical BI users who will eventually need to change their server (UNIX) passwords. I use PuTTY to log in and change my UNIX password, but I don't think that's a good solution for these end users. Is there a way to change one's server password in SAS? Maybe through a stored process? If not, is there a best practice or tool for non-technical users to manage their UNIX passwords?
01-30-2012 11:53 AM
There is no SAS tool for Unix password management.
Many sites now are choosing to configure their Unix systems to authenticate against LDAP or Active Directory, as this obviates the need for users such as these to manage their Unix passwords separately.
02-14-2014 01:35 PM
I have just implemented a OpenLDAP server and imported all the users from linux environment, this seems the best approach. There's also some very simple perl scripts over the web that allows users to change their password.
I'm facing some issues with the TLS/SSL authentication, when I attempt to log via tool, it returns an error message.. when I connect via SSH using the same user and pass, it works. In case you'd like to follow up, I have a topic opened hoping someone will help!
02-14-2014 01:47 PM
As already stated SAS cannot manage or bypass or superceed the OS security.
Still it is the best approach to have the OS securtiy well defined and rely on that. It can be secured to the higest requirements under the condition of cooperation and real support of that part of IT-staff.
When you have a central security approach you can get to RBAC and password propagation. When using Unix (Linux) systems the best thing arround is LDAP and LDAP being connected to a central password updata approach.
AD of Windows is also a LDAP implemtation, but that one can not be used for Unix. The reason is: it is missing the required id/gid definitions for users/groups used by Unix. This implies the need of a identity system for just propagating the password.
Remember that SAS is not aware of some user/security as seen with SSH. A password pop-up for change eg is impossible. You could have the situation that SAS is still working and SSH fails or the other way arround.