Desktop productivity for business analysts and programmers

methods of login authentication

Reply
N/A
Posts: 0

methods of login authentication

I wonder what are the options available to cater for a large number of user logging into SAS from EG? Does it have to be pegged to the native account of the box, or can we use others, like active directory or LDAP? thanks for your advice in advance

-Josh
N/A
Posts: 0

Re: methods of login authentication

The best I can tell you is that yes, it can be done.

We have SAS's MetaData Server and have an automated process that pulls users and groups from Active Directory every night. This nightly refresh reduces user maintenance, but currently has a flaw in that static application users -- generally database accounts for applications -- aren't in AD for other security reasons and so can't be maintained in the User Manager. This interferes with defining database libraries within the MetaData Server. I expect that there is probably a way around this, but since I'm not the admin, it's out of my hands.
N/A
Posts: 0

Re: methods of login authentication

the sas server is now running on a unix box. is the EG client connecting to the unix boc still able to user its AD credentials in this case? I was wondering if SMC has a similar feature so that users logging into EG to run on a unix sas box can log in using their AD credentials Message was edited by: Joshua
N/A
Posts: 0

Re: methods of login authentication

The Unix admins will have to have implemented an LDAP login solution that is integrated with AD for that to work.

What I did previously, at a different place, was to have group logins for the server: Research, Marketing, Operations, Capacity Planning, etc. Each group had its own logical server defined in the EG Repository. Each logical server was limited to allowing only the people in its "group" login access. Login information was not predefined, but retained so that I did not have to know the password the group chose to use. The members of a group could use the group signon to telnet to the box, where they could set their own private password -- but shared within the group -- and then when they went to use their logical server, EG would prompt them for the password, but only once. If the password changed, they would have to explicitly change the logical server's password. This minimized maintenance efforts.

If you have an appropriate LDAP solution, that integrates with AD, then the group login thing wouldn't be necessary, as each user would have their own controlled/auditable access to the server. But, you should still create the logical servers, and use groups to control access to the logical SAS servers. Then, users can be added/removed from the group(s) through AD, simplifying maintenance and auditability.

There is a lot more to this, a lot of little details that can trip you up. So, I recommend doing a lot of reading and planning. When done correctly, the admin will be a consumate expert, but the users will simply have simple access, with out any trouble.
N/A
Posts: 0

Re: methods of login authentication

Hi Chuck, correct me if I am wrong, but the meta data server is typically just a component of the server tier, and not a separate product. Hence, I might have a way of setting the user authentication to come from AD using SAS management console. But if not, I guess LDAP is probably my best bet.
N/A
Posts: 0

Re: methods of login authentication

The only way a Unix box can make use of AD is through an LDAP product. If you are going to run SAS on the Unix box, it requires at least one login to the box for Integration technologies to run SAS there. If you plan on running batch SAS jobs, I would recommend at least two logins: one for EG sessions, and another for Batch. It is generally ill advised to rely on EG for batch processing.

SAS has a specific product = SAS MetaDAta Server.

It is not the same thing as the EG meta-data repository, but can be used for the EG meta-data repository.

From this discussion thread and from some others, it seems to me that either you could do a lot more reading, or you could use some help from a professional, and competent, SAS consultant, or perhaps both. Message was edited by: Chuck
N/A
Posts: 0

Re: methods of login authentication

You are right to say that. I've come from a mathematics background and I'm quite comfortable with matlab and mathematica. SAS is something that was forced upon me in the last month, but something that I'd want to manage competently. I've been gorging SAS for dummies and the little sas book, but I'm nowhere as familar with SAS and the programming language as I want to be.

In fact, I do want to engage a consultant, but I'd want to know the subject matter well enough before I can make sense of what a consultant could put on the table.

Message was edited by: Joshua Message was edited by: Joshua
Ask a Question
Discussion stats
  • 6 replies
  • 131 views
  • 0 likes
  • 1 in conversation