Date: Fri, 27 Jan 2012 13:06:31 +0000
Reply-To: "Fehd, Ronald J. (CDC/OCOO/ITSO)" <rjf2@CDC.GOV>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: "Fehd, Ronald J. (CDC/OCOO/ITSO)" <rjf2@CDC.GOV>
Subject: Re: Using RSA SecurID with SAS Enterprise Applications
Content-Type: text/plain; charset="us-ascii"
@MyCompany our Citrix log-in script requires
2. network password
Ron Fehd an RSA SecurID user
> -----Original Message-----
> From: email@example.com [mailto:firstname.lastname@example.org]
> On Behalf Of DUELL, BOB
> Sent: Thursday, January 26, 2012 5:36 PM
> To: SAS-L@LISTSERV.UGA.EDU
> Subject: Using RSA SecurID with SAS Enterprise Applications
> Hi SAS-L'ers,
> Does anyone have any real-world experience installing, configuring, or
> otherwise using RSA SecurID authentication for SAS users on a UNIX
> platform? I am particularly interested in speaking with anyone using
> Enterprise Miner.
> As background, we run a SAS 9.2 M3 Enterprise BI Server environment that
> includes Enterprise Miner 6.1. Individual users are defined in the system
> Metadata server and authenticate using "DefaultAuth". Enterprise Miner
> users launch the client using Java Web Start. Additionally, selected users
> connect to the server using Enterprise Guide (v 4.3) and others use
> SAS/CONNECT from full-blown PC clients (Win XP, Vista, and Win 7).
> When a user attempts to connect to the server and is presented with a
> "password" dialog box, he must enter the "password" derived from his
> SecurID token. This "password" changes every 30 seconds. In other words,
> our users do not have "host account" passwords. Everything works just fine
> for SAS/CONNECT and Enterprise Guide users. Once a connection is made, it
> remains in effect for the user to do whatever he wants.
> However, because of an design I still don't fully understand, Enterprise
> Miner works differently. Apparently, each "node" of an EM "project" causes
> a new SAS session to be started on the server (by the Object Spawner) and
> EM attempts to start the new session using the cached credentials (which
> have certainly expired). Obviously, this makes Enterprise Miner pretty
> Does anyone else have a similar environment and if so, would you be
> willing to help me with a solution? I do have an open track with SAS Tech
> Support but they share my frustration (apparently I am the only site in the
> world with this problem ;> ).
> Thanks in advance,
> PS - I'm going to post this same message to the SAS Deployment Forum. I
> hope that doesn't offend anyone but there are so many different places
> where SAS users congregate these days.