cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
RupaJ
Lapis Lazuli | Level 10 RupaJ
Lapis Lazuli | Level 10

How to increase the kerberos ticket validity time/automate kerberos tickets in a SAS program

Posted 11-13-2018 10:44 AM (1293 views)

Hello,

 

We have IWA/SSO enabled on our SAS servers. So any time a user logs in to SAS Enterprise guide , a kerberos ticket is generated and that is valid only for 10 hours. After 10 hours, the users are required to login to a new session. Now, there are some of the SAS programs that run for more than 10 hours. In that case, is there a way to generate a kerberos ticket that is valid for X hours from a SAS program so they don't fail due to lack of a valid ticket? Is the same scenario possible on SAS linux server? 

 

Another question is -- Is it possible to automate generating the Kerberos tickets for users once the old ones expire instead of requiring to login to a new session. 

 

 

0 Likes
Reply
2 REPLIES 2
alexal
SAS Employee alexal
SAS Employee

Re: How to increase the kerberos ticket validity time/automate kerberos tickets in a SAS program

Posted 11-14-2018 11:28 AM (1242 views)  |   In reply to RupaJ

@RupaJ,

 

The default domain policy for "Maximum lifetime for service ticket" is 600 minutes. You need to contact your Windows/Kerberos administrator and increase the value in that option.

Another question is -- Is it possible to automate generating the Kerberos tickets for users once the old ones expire instead of requiring to login to a new session. 

Yes, you can do that via SSH script, but ticket renewal requires a user keytab.

0 Likes
Reply
sselvakumars
Calcite | Level 5 sselvakumars
Calcite | Level 5

Re: How to increase the kerberos ticket validity time/automate kerberos tickets in a SAS program

Posted 12-13-2021 06:59 PM (759 views)  |   In reply to alexal

Question on the same topic. I know running kinit command would refresh the session key for the current kerberos ticket. But  wondering, what happens when this happens during the sas hive batch job processing as the job is still running with old session key? Does it uses the same ticket with new session key for authentication again? 

0 Likes
Reply

Ready to join fellow brilliant minds for the SAS Hackathon?

Build your skills. Make connections. Enjoy creative freedom. Maybe change the world. Registration is now open through August 30th. Visit the SAS Hackathon homepage.

Register today!
Mastering the WHERE Clause in PROC SQL

SAS' Charu Shankar shares her PROC SQL expertise by showing you how to master the WHERE clause using real winter weather data.

Watch Mastering the WHERE Clause in PROC SQL on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • ‎11-13-2018 10:44 AM
  • 1294 views
  • 0 likes
  • 3 in conversation