BookmarkSubscribeRSS Feed
MariaD
Barite | Level 11

Hi all,

 

I have two differents SAS versions running on the same machine. In one of it (SAS 9.2), we have several authentications domains, with their users and password, to connect to different external database defined on Metadata Server.

 

In the other one (SAS 9.4) the authentications domains were defined too, using exactly the same names. My question is, there are any way to extract only the users and passwords for these domains and update the new Metadata Server?

 

I was able to extract this information using a macro but, the password is encripted and SAS Management Console not allow me to enter the encripted password version. 

 

Regards,

7 REPLIES 7
alexal
SAS Employee

@MariaD,

 

The password from the metadata cannot be decrypted.

MariaD
Barite | Level 11

Hi @alexal,

 

Yes, I now that. I'm looking for other option, like "%mduchgv" macro, por exemple. That means, extract the information executing sas programming and update the new metadata server using programming too, not using SAS MC interface.

 

Regards,

alexal
SAS Employee

@MariaD,

 

Why are you storing passwords in the metadata?

MariaD
Barite | Level 11

Hi @alexal,

 

We have a group where, in Accounts tab, we have definen several logins (authentications domain, users and password) used to connect to external databases (please refers to Users 1 attached file). This same group are definen in the second installation, but if you see the second file attached, currently we don't have the password detail, only authentication domain and user. My question is, there are any way to update it, using SAS code, extracting these passwords from one metadata server to update the second metadata server?

 

Regards, 


Users 1.pngUsers 2.png
alexal
SAS Employee

@MariaD,

 

It is not necessary to store passwords in the SAS metadata. Anyway, I do know only one way to set the password in the metadata - by using SetPassword Metadata Utility. The passwords that you provide to this utility should be in clear text (not encrypted).

 

The SetPassword utility enables an unrestricted user to change passwords on one or more metadata login objects. The person who runs the utility must provide the new passwords as input. This utility can be used in conjunction with enterprise password provisioning/reset tools to drive password changes into the metadata server. Notes: This utility does not extract passwords from authentication providers. Nor does it update passwords used for metadata server internal authentication. (These accounts are usually in the form of username@SASPW.)

 

The utility is documented in the SetPassword.html file that is located in the /<SASHome>/SASPlatformObjectFramework/9.4 directory.

MariaD
Barite | Level 11

Ok, thanks

Kurt_Bremser
Super User

Basically, one has very few internal users (userid's that do not have a connection to the operating system or something like LDAP/Kerberos). Think users like sastrust@saspw.

For these users, set the passwords according to your documentation from the 9.2 install/config.

Userid's that connect to outside authentication sources need no passwords in metadata.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 7 replies
  • 2703 views
  • 1 like
  • 3 in conversation