Riana
Pyrite | Level 9

I'm working with Kerberos and SAS on UNIX servers. There are three servers for SAS, metadata, compute, and middle tier.
One of the Kerberos components is the KDC, which has two other components:

Authentication Server (AS) and Ticket-Granting Server (TGS).
The AS has a connection to the user/service database to verify users.

 

My questions are:
- Should the KDC and user/service database be installed on a separate physical server or on the metadata server? Or what should be installed on the metadata server?
- Kerberos has many components; for which of them should a separate server (machine) be installed, and where?

 

I read a PDF file that was released by SAS, 2013, but couldn't find answers to my questions.

 

Doriana

JuanS_OCS
Amethyst | Level 16

Hi,

 

Kerberos always has to be configured wherever you want IWA authentication, which more generally is just the SAS Compute server, to enable users to authenticate against the AD when connecting with Enterprise Guide, interacting with the file system/shares, or even with the Web.

You can do it on the Metadata server, but I think it is more secure to leave just the SAS Authentication.

 

Now, if besides IWA authentication, you want Single Sign On/SPNEGO on the web applications, then you need to configure Web Authentication, then IWA/Kerberos on the web.

 

I am not sure if I could answer, at least partially, your question. Please let me know.
