@woo,
>> we have host authentication implemented at the moment for sas grid + that PAM_SET...option is already turned off,,,in that case, what can be done from sas end?
In this case SAS sessions can use the Kerberos ticket that was created by issuing kinit command from the Linux console. If you want to generate the Kerberos ticket from SAS, you have to configure PAM authentication + uncomment that option in sasauth.conf. Also, WorkspaceServer_usermods.sh should have this script:
workspace_user=$(whoami)
workspace_user_ccaches=$(find /tmp -maxdepth 1 -user ${workspace_user} -type f -name "krb5cc_*" -printf '%T@ %p\n' | sort -k 1nr | sed 's/^[^ ]* //' | head -n 1)
if test ! -z "$workspace_user_ccaches"; then
echo "Most recent krb5 ccache found for '${workspace_user}' at '${workspace_user_ccaches}'."
echo "Cache last modified: $(stat -c%y ${workspace_user_ccaches})"
export KRB5CCNAME=$workspace_user_ccaches
echo "KRB5CCNAME has been set to ${KRB5CCNAME}."
else
echo "No krb5 credentials caches were found in /tmp for '${workspace_user}'."
fi
... View more
