BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
ktkv5
Obsidian | Level 7

Hi,

 

      I am new to SAS adn I would like to know how a user can change his initial password without the intervention of the SAS Administrator. If the admin has set an initial password, say 'HiWorld123' and if I would like to change it, then how can I do that?

What steps do I need to take to ensure that my login credentials are refreshed properly

1 ACCEPTED SOLUTION

Accepted Solutions
Timmy2383
Lapis Lazuli | Level 10

Do you have the option of setting up PAM authentication so that it's passed on to LDAP or Active Directory?

 

That's how I've always done it. This way you can bypass having to deal with /etc/passwd maintenance.

 

Have users set up in LDAP and given a home directory (in my company I have to work with Unix Admins and Unix Security teams to get this done).  Configure PAM module according to SAS documentation (on the compute/app tier server).

 

Start around page 10:  http://support.sas.com/documentation/installcenter/en/ikfdtnunxcg/66380/PDF/default/config.pdf

View solution in original post

14 REPLIES 14
Reeza
Super User

That's going to depend on your set up quite a bit. In my old work place we logged into the server via Unix and changed our password using passwd.  Then we also had to use SAS Profile Manager to change our password. 

ktkv5
Obsidian | Level 7

In our environment, users only have AD profile and they don't have Unix profile. SAS in installed on unix and accessed through windows clients. So they don't have an option to change their unix password. 

LinusH
Tourmaline | Level 20

When you say profile, I'm thinking of the fat SAS clients profiles. There each user has full access and can change passwords whenever they like.

But if you have policies to change the AD passwords quite often, I would set up some kind of IWA functionality, so the users doesn't have to supply their password when logging in.

Data never sleeps
LinusH
Tourmaline | Level 20

Are we talking of Internal Accounts? They can at least be updated in SMC and in Personal Login manager.

What SAS version, and what SAS clients do the users use?

Data never sleeps
Timmy2383
Lapis Lazuli | Level 10

Do you have the option of setting up PAM authentication so that it's passed on to LDAP or Active Directory?

 

That's how I've always done it. This way you can bypass having to deal with /etc/passwd maintenance.

 

Have users set up in LDAP and given a home directory (in my company I have to work with Unix Admins and Unix Security teams to get this done).  Configure PAM module according to SAS documentation (on the compute/app tier server).

 

Start around page 10:  http://support.sas.com/documentation/installcenter/en/ikfdtnunxcg/66380/PDF/default/config.pdf

ktkv5
Obsidian | Level 7

We are using SAS 9.4M3 and No these aren't internal accounts. The users access SAS using their windows AD userids., I mean domain\userid or userid@xyz.com. 

Reeza
Super User

If they're using Windows AD then they would change it using the Windows password manager, ie CTRL+ALT+DELETE.

Since you're setting their id and password, rather than just adding them to a user list that means that they likely have an ID of a different kind as well to access the server

ktkv5
Obsidian | Level 7

Hi Reeza,

          This is how I am trying to add a user. Do you mean I have to give their windows AD password in the password field, and if they change their AD login password, will it change the password that is set in SMC as well?

          SAS snip.JPG

Timmy2383
Lapis Lazuli | Level 10

As LinusH said, you can set up IWA to be compatible with your Unix servers.  See this document: http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#n1d1zo1jsf2o0en1eh...

 

It's nice if users have to change password every 30 days or so, but I think setup is more complicated and likely involves third-party software (like Quest Authentication Services).

 

IMHO, it's alot easier to set up PAM authentication.  Users would have to change password in their EG profile when they change their network password, though.

ktkv5
Obsidian | Level 7

Timmy,

    SAS Setup was already done and I am not sure if they are ready to accept implementing the alternate authentication mechanisms. Please let me know how a user can change his password once he changes his AD password/network password. 

Reeza
Super User

Ask somoene in your workplace, even a previous user can probably tell you. I'd be surprised if you don't have it documented in an user guide somewhere, unless you're just rolling out.

 

As mentioned there's no one specific way, because there are multiple ways to set up your environment.  If that doesn't work, contact SAS tech support and open a ticket.

Timmy2383
Lapis Lazuli | Level 10
Yea, I'm not sure there is any way to sync the two without either having some third-party software that does it or just using alternate authentication method. The whole point of such alternate methods is to bypass having to manage the local /etc/passwd.

Setting up PAM is pretty easy. The SAS documentation is very precise.

If you have a Test environment then it might be worth reading over the SAS documentation and testing it out.

Sorry I can't be of more help.
ktkv5
Obsidian | Level 7

Thanks for your help Reeza and Timmy. Will try to test the PAM authentication. Thanks for your time

Timmy2383
Lapis Lazuli | Level 10
My pleasure. Good luck!

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 14 replies
  • 10102 views
  • 0 likes
  • 4 in conversation