Architecting, installing and maintaining your SAS environment

SAS auto generating Kerberos TGT

Accepted Solution Solved
Reply
Frequent Contributor
Posts: 94
Accepted Solution

SAS auto generating Kerberos TGT

Hi all,

 

Outside of SAS Grid and outside of Hadoop...

 

Does anyone know if it's possible for SAS to automatically requests a TGT i.e. kinit when a user logs onto UNIX ?

 

I can include a call to kinit somewhere e.g. Workspace_Server_usermods.sh, but then I need a keytab file, which I'm trying to avoid.

 

I know the Object Spawner in SAS Grid can do this, but I'm looking for this functionality outside of Grid.

 

Thanks a mil,

Nico.


Accepted Solutions
Solution
‎06-20-2017 06:55 AM
SAS Employee
Posts: 126

Re: SAS auto generating Kerberos TGT

@nhvdwalt,

 

>> you have no idea how long I've looked for this

You are welcome.

 

>> Would I need to restart the Object Spawner ?

Yes, also you should add the following script to WorkspaceServer_usermods.sh

 

workspace_user=$(whoami)
workspace_user_ccaches=$(find /tmp -maxdepth 1 -user ${workspace_user} -type f -name "krb5cc_*" -printf '%T@ %p\n' | sort -k 1nr | sed 's/^[^ ]* //' | head -n 1)
if test ! -z "$workspace_user_ccaches"; then
echo "Most recent krb5 ccache found for '${workspace_user}' at '${workspace_user_ccaches}'."
echo "Cache last modified: $(stat -c%y ${workspace_user_ccaches})"
export KRB5CCNAME=$workspace_user_ccaches
echo "KRB5CCNAME has been set to ${KRB5CCNAME}."
else
echo "No krb5 credentials caches were found in /tmp for '${workspace_user}'."
fi


>> Is it possible to get notification for new posts on the site ?

Yes, you can subscribe to the topic or the board. Click on the wheel in the right top corner.

View solution in original post


All Replies
SAS Employee
Posts: 126

Re: SAS auto generating Kerberos TGT

@nhvdwalt,

 

If you configure PAM authentication and uncomment the following line in /<SASHome>/SASFoundation/9.4/utilities/bin/sasauth.conf:

 

PAM_SETCREDENTIALS=TRUE

 

The Kerberos ticket will be created every time when the sasauth process will be called.

 

Let me know if you have any questions.

Frequent Contributor
Posts: 94

Re: SAS auto generating Kerberos TGT

Thanks alexal, you have no idea how long I've looked for this Smiley Happy

 

If I test it through PROC PERMTEST, it's works, but not via Enterprise Guide. Would I need to restart the Object Spawner ?

 

Off topic.....Is it possible to get notification for new posts on the site ? I've looked through my settings but cannnot find anything.

 

Thanks,

Nico.

 

 

Solution
‎06-20-2017 06:55 AM
SAS Employee
Posts: 126

Re: SAS auto generating Kerberos TGT

@nhvdwalt,

 

>> you have no idea how long I've looked for this

You are welcome.

 

>> Would I need to restart the Object Spawner ?

Yes, also you should add the following script to WorkspaceServer_usermods.sh

 

workspace_user=$(whoami)
workspace_user_ccaches=$(find /tmp -maxdepth 1 -user ${workspace_user} -type f -name "krb5cc_*" -printf '%T@ %p\n' | sort -k 1nr | sed 's/^[^ ]* //' | head -n 1)
if test ! -z "$workspace_user_ccaches"; then
echo "Most recent krb5 ccache found for '${workspace_user}' at '${workspace_user_ccaches}'."
echo "Cache last modified: $(stat -c%y ${workspace_user_ccaches})"
export KRB5CCNAME=$workspace_user_ccaches
echo "KRB5CCNAME has been set to ${KRB5CCNAME}."
else
echo "No krb5 credentials caches were found in /tmp for '${workspace_user}'."
fi


>> Is it possible to get notification for new posts on the site ?

Yes, you can subscribe to the topic or the board. Click on the wheel in the right top corner.

Frequent Contributor
Posts: 94

Re: SAS auto generating Kerberos TGT

Thanks a mil, all working now Smiley Happy

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 4 replies
  • 165 views
  • 2 likes
  • 2 in conversation