BookmarkSubscribeRSS Feed
Barite | Level 11

When you use a batch-server or connect-server with a SAS EIP installation we noticed that there is no authentication (password validation to metadata server) done.

It uses the OS user-id as the identified user and proceeds with that one as the metadata context.

There is no IWA configured. It is Unix environment.

The WS is setup as host-authentication. With that one, you have to specify the OS user twice. Once for the metadata connection and another following after that for the OS SAS session.

The last one gets cached (stored possible to be breached) in the SAS metadata.  This is different as the batch/connect server. A strange difference between those two

Anyone found some information this is how it is designed and that it should work that way. Underpinning compliancy reasons.

---->-- ja karman --<-----
Opal | Level 21

I too have wondered why when you schedule a batch job in SAS Management Console that you have to enter your username/password again (both SAS 9.3 and 9.4). Your explanation makes perfect sense.

Our environment is Windows and our SMC connection uses IWA. It would be much better if batch scheduling could use those delegated credentials.

However the annoyances go further. If you change your password then you have to go and reschedule all of your batch jobs otherwise they wont run (we use LSF as our batch scheduler). Fortunately we only have a few batch jobs so it is not too big a deal. If you have a lot them though I imagine it would be a major inconvenience.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • 2 in conversation