Troubleshooting user authentication failures
Depending on how the operating system is configured to perform authentication, you may experience failures to log on to SPSS® Modeler Server when running in a non-root configuration. For example, this may occur if your operating system is configured (using the /etc/nsswitch.conf file or similar) to check the local shadow password file, rather than use NIS or LDAP. This occurs because SPSS Modeler Server requires read access to the files used to perform authentication, including the /etc/shadow file or its equivalent, which stores secure user account information. However, the operating system file permissions are generally set so that /etc/shadow is accessible only by the root user. Under these circumstances a non-root process cannot read /etc/shadow to validate user passwords, resulting in an authentication error.
There are several ways to resolve this issue:
- Ask your system administrator to configure the operating system to use NIS or LDAP for authentication.
- Change the file permissions on the protected files, for example by granting read access to the /etc/shadow file so that the local user account used to run SPSS Modeler Server can access the file. While this workaround might be deemed unsuitable in production environments, it could be temporarily applied to a test environment to verify whether the authorization failure is linked to the operating system configuration.
- Specify an access control list (ACL) for the /etc/shadow file.
- Run SPSS Modeler Server as root, to enable
the server processes to read the /etc/shadow file. CAUTION:In this case, ensure that the options.cfg file for SPSS Modeler Server contains the option
start_process_as_login_user, N
to avoid the security issue explained earlier.