SAS Viya 2020.1.4 introduced support for Kerberos delegation. As a result, Kerberos delegation will be available with the Long Term Support release 2021.1.
This series starts with an overview and continues into authentication processing in detail, Kerberos delegation configuration, and requirements for SAS/ACCESS to Hadoop.
Part 1 is an overview of Kerberos delegation. We look at what is supported, what is required, and some comments on when using Kerberos makes sense. We compare and contrast Kerberos delegation in SAS Viya 3.5 with the new offering in SAS Viya 2020.1.4 (and later). This illustrates that Kerberos delegation will be more straight-forward to setup than in previous releases.
Part 2 examines the process flow of authentication. In this case, we examine Kerberos Unconstrained Delegation (part 3 examines Kerberos Constrained Delegation). In this article we look at three different use-cases: launching a SAS Compute Server through SAS Studio, launching a CAS session from SAS Visual Analytics, and directly connecting to SAS Cloud Analytic Services from SAS 9.4 Maintenance 5 or higher. We examine in detail the authentication process for each step and how the different components of SAS Viya authenticate together to provide seamless access for the end-user.
In Part 3 we examine Kerberos Constrained Delegation. Again, in this article we look at three different use-cases: launching a SAS Compute Server through SAS Studio, launching a CAS session from SAS Visual Analytics, and directly connecting to SAS Cloud Analytic Services from SAS 9.4 Maintenance 5 or higher. Just as with the Unconstrained Delegation article we examine the authentication process in detail, but here we illustrate the use of Constrained Delegation.
In this post, we examine the configuration of Kerberos delegation. This covers both constrained and unconstrained delegation. We walk through testing the prerequisites, completing the configuration of SAS Viya, and show how you can check the configured items. Since the configuration is completed using the kustomization.yaml and site.yaml and is not displayed in SAS Environment Manager, we provide you with a series of kubectl commands to check the configured items.
Part 5 examines Kerberos delegation and accessing a Secured Hadoop cluster. In this article we cover some important considerations for Kerberos delegation to Hadoop and look at the additional configuration required.
See all of my SAS Support Communities articles here.