Communications Access Methods for SAS/CONNECT and SAS/SHARE Software

SHARE

Network Administrator, System Administrator, and User

To use the APPC access method with a CMS host for SAS/CONNECT and SAS/SHARE, perform these tasks:

Verify that you have met all your site and software requirements.
Verify that the resources for the APPC access method have been defined.
Set the SAS/CONNECT and SAS/SHARE options that you want.

System and Software Requirements for SAS/CONNECT and SAS/SHARE

Ensure that the following conditions have been met:

SAS software is installed on both the local and remote hosts.
To use the APPC access method between sessions on a VM host or another type of host, the following conditions apply:
- You can communicate within your local VM/ESA system without additional software.
- You can communicate between VM/ESA systems that are in either the same Transparent Services Access Facility (TSAF) collection or the same Communication Services (CS) collection.
- You can communicate with systems in an SNA network if you have installed the Advanced Communication Facility for the Virtual Telecommunications Access Method (ACF/VTAM), the Group Control System (GCS), and the APPC/VM VTAM Support (AVS).

Note: For SAS/CONNECT only, you will need to manage SNA session limits to use the APPC access method in an SNA network. For more information about setting up an SNA network (including setting session limits), see System Configuration for the APPC Access Method for SAS/CONNECT. [cautionend]

Defining Resources for the APPC Access Method

Network Administrator

APPC is an IBM strategic enterprise connectivity solution. Based on a System Network Architecture (SNA) logical unit type 6.2 (LU 6.2), APPC is the foundation for distributed processing within an SNA network. In this book, APPC is used to refer to the SNA LU 6.2 distributed processing method.

Before you can use SAS/CONNECT or SAS/SHARE with the APPC access method, you must first define APPC resources for the CMS system. This enables CMS to behave as either a local or a remote host in a SAS/CONNECT session or as a SAS/SHARE server or client. See System Configuration for the APPC Access Method for SAS/CONNECT for SAS/CONNECT resource configuration. See System Configuration for the APPC Access Method for SAS/SHARE for SAS/SHARE resource configuration.

Setting SAS Options

To use the APPC access method with SAS/CONNECT and SAS/SHARE, you may need to set specific options.

You may specify an option in any of several forms, as follows:

in an OPTIONS statement in a SAS session or in an AUTOEXEC file:
OPTIONS variable-name=value;
Example:
```
options appcsec=_secure_;
```
in a SAS configuration file or at SAS invocation: variable-name=value
Example:
```
appcsec=_secure_
```

If you set multiple forms of the same option, this is the order of precedence that is followed:

OPTIONS statement

AUTOEXEC file

SAS invocation

SAS configuration file

Setting Security for SAS/CONNECT and SAS/SHARE

There are several methods for supplying userid and password information for SAS/CONNECT and SAS/SHARE. They are:

USER= and PASSWORD= options in selected statements
APPCSEC option
SCOMDIR NAMES or UCOMDIR NAMES file
APPCPASS statement.

The person who maintains the userid and password information varies according to the method used.

For SAS/CONNECT, you must supply identifying information to sign on without a script to a remote host running a spawner program. A SAS/SHARE server, running secured, requires identification from each connecting client. The next two sections outline the version-specific methods for specifying client identification for SAS/CONNECT and SAS/SHARE.

Providing Client Identification in a Version 8 Session

In Version 8, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the USER= and PASSWORD= options. These options are valid in the following statements:

SIGNON

RSUBMIT

LIBNAME

PROC SQL
Connect to Remote

PROC OPERATE

(in the PROC statement)

set server

stop server

quiesce server

start server

display server

Specifying client identification in the APPCSEC option is still accepted but is not recommended in Version 8. The USER= and PASSWORD= options take precedence over the client APPCSEC option when both are specified. For example, a SAS/SHARE client's execution of a LIBNAME statement with values assigned to the USER= and PASSWORD= options would override an APPCSEC option setting in the same client SAS session.

CAUTION:: In order to make a SAS/SHARE server secured, the APPCSEC option must still be set at a SAS/SHARE server that can run on a supported host.

Here is the syntax and the definitions for these options:

USER | USERNAME | USERID | UID=username | _PROMPT_

Specifying these options allows a user on the local host whose username and password have been verified to access the remote host.

username

is a valid userid for the remote host and is thus host-dependent in form. If the value contains blanks or special characters, it must be enclosed in quotes.

password

is the password, if any, required for authentication of the supplied username. This value will not be echoed in the SAS log. If the value contains blanks or special characters, it must be enclosed in quotes.

_PROMPT_

specifies that the SAS System prompts the client for username and password.

Note: The values provided when prompted must NOT be quoted. [cautionend]

Specifying USER=_PROMPT_ and omitting the PASSWORD= specification will cause SAS to prompt you for both userid and password.

This is especially useful for allowing the SAS statements containing the USER= and PASSWORD= options to be copied and otherwise effectively reused by others.

For SAS/SHARE, the values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Additional accesses of the remote host while the connection to that host is still in effect do not require re-supplying of the USER= and PASSWORD= options. For example, while the first connecting library assign to a SAS/SHARE server may require specification of the options, subsequent assigns to the same server will not need specification of these options as long as the original connection is in effect. A subsequent re-connect to the same server or connect to a different server would require re-supplying of the USER= and PASSWORD= options.

Here is a Version 8 example for SAS/SHARE:

libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;

Here is a Version 8 example for SAS/CONNECT:

signon rmthost user=joeblack password=born2run;

As a security precaution, PASSWORD= field entries echoed in the log are replaced with Xs. If _PROMPT_ was specified for entering the password, the entry would not be displayed on the screen as it is typed.

Providing Client Identification in a pre-Version 8 Session

In Version 6 and 7, the APPCSEC option is used to specify how users are authenticated when connecting between hosts using the APPC access method. On the local host, you may set the APPCSEC option to allow local hosts or clients whose userids and passwords have been verified to access a SAS/CONNECT remote host or a SAS/SHARE server. On the remote host, you must specify the APPCSEC option before you start a server.

The valid values for the APPCSEC option are:

APPCSEC=_NONE_ | _PROMPT_ | userid.password | _SECURE_

_NONE_

has different meanings, depending on whether it is set at the local host or the remote host.

SAS/CONNECT local host or at the SAS/SHARE client: _NONE_ specifies that the userid and password are to be obtained from the UCOMDIR NAMES, SCOMDIR NAMES, or APPCPASS CP directory entries instead of from the APPCSEC option. _NONE_ is the default.
SAS/CONNECT remote host or at the SAS/SHARE server: _NONE_ specifies an unsecured remote host, which does not require the local host to supply a verified userid and password.

_PROMPT_

must be set at the SAS/CONNECT local host or at the SAS/SHARE client.

_PROMPT_ specifies that SAS prompt the user for userid and password information. If the communications directory file entry contains SECURITY.NONE, no prompting is performed.

When prompted for a userid, if you press the ENTER key without supplying one, then SAS uses the local userid. The userid is not obtained from UCOMDIR NAMES, SCOMDIR NAMES, or an APPCPASS CP directory statement as it is when _NONE_ is specified.

When prompted for a password, the input field is not displayed. If you press the ENTER key without supplying a password, one is obtained from UCOMDIR NAMES, SCOMDIR NAMES, or an APPCPASS CP directory statement. The behaviors of the _PROMPT_ and _NONE_ values are different.

userid.password

must be set at the SAS/CONNECT local host or at the SAS/SHARE client.

This value optionally specifies the userid and the password. If you do not specify a userid, SAS uses the local userid. The userid is not obtained from UCOMDIR NAMES, SCOMDIR NAMES, or an APPCPASS CP directory statement as it is when _NONE_ is specified.

_SECURE_

must be set at the SAS/SHARE server only.

The _SECURE_ value for the APPCSEC option requires the SAS/SHARE client to supply a valid userid and password to the remote host on which the server is running in order to allow client access to the server.

APPCSEC is maintained by the user. If you assign the userid.password or password to the APPCSEC option and store the option in a disk file, you should make the file secure, for example, by using a read password on the disk. If you are running SAS/CONNECT or SAS/SHARE interactively, you can assign the userid and password to the APPCSEC option without a need for file security.

If you assign _PROMPT_ to the APPCSEC option, the userid and password cannot be revealed by writing it to either SASLOG or a console spool file.

You may use the APPCSEC option as the means to override the userid and password information in the UCOMDIR NAMES or SCOMDIR NAMES file, or the APPCPASS statement.

SCOMDIR NAMES or UCOMDIR NAMES File

The SCOMDIR NAMES or UCOMDIR NAMES file can be used to specify userid and password security information. For more information about storing the userid and password in either of these files, for SAS/CONNECT, see Creating a Communications Directory File; for SAS/SHARE, see Creating a User Communications Directory File.

The UCOMDIR NAMES file is maintained by the user. If you store passwords in the file you should secure it, for example, by using a disk password.

For information about the UCOMDIR NAMES file, see System Configuration for the APPC Access Method for SAS/CONNECT. For information about the SCOMDIR NAMES file, see System Configuration for the APPC Access Method for SAS/SHARE.

APPCPASS Statement

The APPCPASS statement is used to specify userid and password security information in the local user's CP directory. See the IBM publication VM/ESA Connectivity Planning Administration and Operation (SC24-5448) for more information about APPCPASS.

The system administrator maintains an APPCPASS statement for each userid. It is secure because users must have privileged authority to access the CP directories of other users.

Chapter Contents
Previous
Next
Top of Page

	OPTIONS statement
	AUTOEXEC file
	SAS invocation
	SAS configuration file