Blogs

Blogs

Kerberos delegation with the new SAS Viya: A 5-part series

0
By Topics | SAS Administrators

SAS Viya 2020.1.4 introduced support for Kerberos delegation. As a result, Kerberos delegation will be available with the Long Term Support release 2021.1.

This series starts with an overview and continues into authentication processing in detail, Kerberos delegation configuration, and requirements for SAS/ACCESS to Hadoop.

Part 1 - SAS Viya 2020.1.4 (and later) Kerberos Delegation Overview

Part 1 is an overview of Kerberos delegation. We look at what is supported, what is required, and some comments on when using Kerberos makes sense. We compare and contrast Kerberos delegation in SAS Viya 3.5 with the new offering in SAS Viya 2020.1.4 (and later). This illustrates that Kerberos delegation will be more straight-forward to setup than in previous releases.

Part 2 - SAS Viya 2020.1.4 (and later) Kerberos Unconstrained Delegation Process Flow

Part 2 examines the process flow of authentication. In this case, we examine Kerberos Unconstrained Delegation (part 3 examines Kerberos Constrained Delegation). In this article we look at three different use-cases: launching a SAS Compute Server through SAS Studio, launching a CAS session from SAS Visual Analytics, and directly connecting to SAS Cloud Analytic Services from SAS 9.4 Maintenance 5 or higher. We examine in detail the authentication process for each step and how the different components of SAS Viya authenticate together to provide seamless access for the end-user.

Part 3 - SAS Viya 2020.1.4 (and later) Kerberos Constrained Delegation Process Flow

In Part 3 we examine Kerberos Constrained Delegation. Again, in this article we look at three different use-cases: launching a SAS Compute Server through SAS Studio, launching a CAS session from SAS Visual Analytics, and directly connecting to SAS Cloud Analytic Services from SAS 9.4 Maintenance 5 or higher. Just as with the Unconstrained Delegation article we examine the authentication process in detail, but here we illustrate the use of Constrained Delegation.

Part 4 - SAS Viya 2020.1.4 (and later) Kerberos Delegation Configuration

In this post, we examine the configuration of Kerberos delegation. This covers both constrained and unconstrained delegation. We walk through testing the prerequisites, completing the configuration of SAS Viya, and show how you can check the configured items. Since the configuration is completed using the kustomization.yaml and site.yaml and is not displayed in SAS Environment Manager, we provide you with a series of kubectl commands to check the configured items.

Part 5 - SAS Viya 2020.1.4 (and later) Kerberos Delegation with Hadoop

Part 5 examines Kerberos delegation and accessing a Secured Hadoop cluster. In this article we cover some important considerations for Kerberos delegation to Hadoop and look at the additional configuration required.

See all of my SAS Support Communities articles here.

Tags SAS Viya
Share

About Author

Stuart Rogers

Architecture and Security Lead

Stuart Rogers is a Architecture and Security Lead in the Global Enablement and Learning (GEL) Team within SAS R&D's Global Technical Enablement Division. His areas of focus include the SAS Middle Tier and security authentication.

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Top