I agree this is a very sticky issue.

Since we are planning our migration to SAS 9.2, we have also have the same question but will mostly likely leverage IWA if is available for us.

The reason for this is that many of our users end up locked their accounts before realizing they must reset their passwords.

This does not just impact just the SAS activity since this will also lock them out of their accounts on the their PCs, impact Outlook and network access.

The security is still in place and this will minimize impact on the users.

We have 500 current users and will expanding to 900 after our upgrade and migration - SAS EBI migration.

Which security method did you end up using ?

Yes we are in the same situation.

With V9.1.3 EBI, we had a limited roll-out of Add-In for MS Office. These users needed to host-authenticate to LINUX via PAM / POSIX to LDAP before being able to use the product in Excel.

Our network people have now automated the creation of POSIX attributes, we are still nervous about rolling this software out to 500-1000 desktops.

With V9.2, there are different authentication methods. We haven't looked at AMO for V9.2 yet, but will soon.

Just an update.

SAS V9.2, AMO V4.22 and the implementation of automated POSIX attribute values on eDirectory user profiles (using the LUM driver) means that AMO users can authenticate to SAS metadata repository just by using the normal PC LAN user ID and password.

-B-