Hello,
I have a couple of questions, regarding authentication with Viya, when you select the full deployment.
But apparently it is not getting the sub trees, hence, if there are Interactive accounts and System accounts (such as 'cas'), on different CNs or OUs (as they generally are/should be) .. is there any way to tell the Environment Manager to do so?
Any guidance or pin-pointing to the right direction would be welcome! Many thanks in advance,
Kind regards,
Juan
I can help with PAM authentication.
How to set up the SAS-internal PAM configuration files?
SAS Viya 3.2 Administration / Authentication: How To Configure PAM
Hello @alexal,
many thanks, however, I already have gone through it and that link just states the obvious, I am afraid. I mentioned the 2 PAM files, and the link pin-points to the same 2 PAM files:
Both files are quite standard, not really useful as default. What is more important is that it says:
- Make any modifications to the file that are necessary for your environment.
Which points to the direction What are the necessary changes and based on what?
Either the documentation is missing something or I am.
I see you have experience, perhaps you can help with additional details?
Which points to the direction What are the necessary changes and based on what?
Based on you system settings. What you have in /etc/pam.d/system-auth or /etc/pam.d/system-auth-ac?
Hello @alexal,
alright, that makes sense, that based on system config.
Please let me share with you the current contents of that file:
#%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth [default=1 success=ok] pam_localuser.so auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so forward_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so umask=0077 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so
And as follow up: can anyone help me with the question 1? 🙂
Thanks in advance!
And as follow up: can anyone help me with the question 1?
This is not my area of support. I suggest you open a track, in order to contact the team which supports it.
Many thanks @alexal.
I also shared the contents of the system PAM file. What would it be your recommendation to modify the other files?
I made a couple of tries by myself (also in sas.postgres file, on an attempt to leave SAS out of the equation and test connection to PostgreSQL), but no success.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.