Hi,
I am new to SAS adn I would like to know how a user can change his initial password without the intervention of the SAS Administrator. If the admin has set an initial password, say 'HiWorld123' and if I would like to change it, then how can I do that?
What steps do I need to take to ensure that my login credentials are refreshed properly
Do you have the option of setting up PAM authentication so that it's passed on to LDAP or Active Directory?
That's how I've always done it. This way you can bypass having to deal with /etc/passwd maintenance.
Have users set up in LDAP and given a home directory (in my company I have to work with Unix Admins and Unix Security teams to get this done). Configure PAM module according to SAS documentation (on the compute/app tier server).
Start around page 10: http://support.sas.com/documentation/installcenter/en/ikfdtnunxcg/66380/PDF/default/config.pdf
That's going to depend on your set up quite a bit. In my old work place we logged into the server via Unix and changed our password using passwd. Then we also had to use SAS Profile Manager to change our password.
In our environment, users only have AD profile and they don't have Unix profile. SAS in installed on unix and accessed through windows clients. So they don't have an option to change their unix password.
When you say profile, I'm thinking of the fat SAS clients profiles. There each user has full access and can change passwords whenever they like.
But if you have policies to change the AD passwords quite often, I would set up some kind of IWA functionality, so the users doesn't have to supply their password when logging in.
Are we talking of Internal Accounts? They can at least be updated in SMC and in Personal Login manager.
What SAS version, and what SAS clients do the users use?
Do you have the option of setting up PAM authentication so that it's passed on to LDAP or Active Directory?
That's how I've always done it. This way you can bypass having to deal with /etc/passwd maintenance.
Have users set up in LDAP and given a home directory (in my company I have to work with Unix Admins and Unix Security teams to get this done). Configure PAM module according to SAS documentation (on the compute/app tier server).
Start around page 10: http://support.sas.com/documentation/installcenter/en/ikfdtnunxcg/66380/PDF/default/config.pdf
We are using SAS 9.4M3 and No these aren't internal accounts. The users access SAS using their windows AD userids., I mean domain\userid or userid@xyz.com.
If they're using Windows AD then they would change it using the Windows password manager, ie CTRL+ALT+DELETE.
Since you're setting their id and password, rather than just adding them to a user list that means that they likely have an ID of a different kind as well to access the server
Hi Reeza,
This is how I am trying to add a user. Do you mean I have to give their windows AD password in the password field, and if they change their AD login password, will it change the password that is set in SMC as well?
As LinusH said, you can set up IWA to be compatible with your Unix servers. See this document: http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#n1d1zo1jsf2o0en1eh...
It's nice if users have to change password every 30 days or so, but I think setup is more complicated and likely involves third-party software (like Quest Authentication Services).
IMHO, it's alot easier to set up PAM authentication. Users would have to change password in their EG profile when they change their network password, though.
Timmy,
SAS Setup was already done and I am not sure if they are ready to accept implementing the alternate authentication mechanisms. Please let me know how a user can change his password once he changes his AD password/network password.
Ask somoene in your workplace, even a previous user can probably tell you. I'd be surprised if you don't have it documented in an user guide somewhere, unless you're just rolling out.
As mentioned there's no one specific way, because there are multiple ways to set up your environment. If that doesn't work, contact SAS tech support and open a ticket.
Thanks for your help Reeza and Timmy. Will try to test the PAM authentication. Thanks for your time
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.