Chapter Contents |
Previous |
Next |
Communications Access Methods for SAS/CONNECT and SAS/SHARE Software |
System and Software Requirements for SAS/CONNECT and SAS/SHARE |
Ensure that the following conditions have been met:
Note: For SAS/CONNECT only,
you will need to manage SNA session limits to use the APPC access method in
an SNA network. For more information about setting up an SNA network (including
setting session limits), see System Configuration for the APPC Access Method for SAS/CONNECT.
Defining Resources for the APPC Access Method |
Network Administrator
APPC is an IBM strategic enterprise connectivity solution. Based on a System Network Architecture (SNA) logical unit type 6.2 (LU 6.2), APPC is the foundation for distributed processing within an SNA network. In this book, APPC is used to refer to the SNA LU 6.2 distributed processing method.
Before you can use SAS/CONNECT or SAS/SHARE with the APPC access method, you must first define APPC resources for the CMS system. This enables CMS to behave as either a local or a remote host in a SAS/CONNECT session or as a SAS/SHARE server or client. See System Configuration for the APPC Access Method for SAS/CONNECT for SAS/CONNECT resource configuration. See System Configuration for the APPC Access Method for SAS/SHARE for SAS/SHARE resource configuration.
Setting SAS Options |
To use the APPC access method with SAS/CONNECT and SAS/SHARE, you may need to set specific options.
You may specify an option in any of several forms, as follows:
OPTIONS variable-name=value;
Example:
options appcsec=_secure_;
Example:
appcsec=_secure_
If you set multiple forms of the same option, this is the order of precedence that is followed:
OPTIONS statement | |
AUTOEXEC file | |
SAS invocation | |
SAS configuration file |
Setting Security for SAS/CONNECT and SAS/SHARE |
There are several methods for supplying userid and password information for SAS/CONNECT and SAS/SHARE. They are:
For SAS/CONNECT, you must supply identifying information to sign on
without a script to a remote host running a spawner program. A SAS/SHARE server,
running secured, requires identification from each connecting client. The
next two sections outline the version-specific methods for specifying client
identification for SAS/CONNECT and SAS/SHARE.
In Version 8, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the USER= and PASSWORD= options. These options are valid in the following statements:
SIGNON |
RSUBMIT |
LIBNAME |
PROC
SQL
Connect to Remote |
PROC OPERATE
|
Specifying client identification in the APPCSEC option is still accepted but is not recommended in Version 8. The USER= and PASSWORD= options take precedence over the client APPCSEC option when both are specified. For example, a SAS/SHARE client's execution of a LIBNAME statement with values assigned to the USER= and PASSWORD= options would override an APPCSEC option setting in the same client SAS session.
Here is the syntax and the definitions for these options:
USER | USERNAME | USERID | UID=username | _PROMPT_ |
PASSWORD | PASSWD | PASS | PWD | PW=password | _PROMPT_ |
Specifying these options allows a user on the local host whose username and password have been verified to access the remote host.
Note: The values provided
when prompted must NOT be quoted.
Specifying USER=_PROMPT_ and omitting the PASSWORD= specification will cause SAS to prompt you for both userid and password.
This is especially useful for allowing the SAS statements containing the USER= and PASSWORD= options to be copied and otherwise effectively reused by others.
For SAS/SHARE, the values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Additional accesses of the remote host while the connection to that host is still in effect do not require re-supplying of the USER= and PASSWORD= options. For example, while the first connecting library assign to a SAS/SHARE server may require specification of the options, subsequent assigns to the same server will not need specification of these options as long as the original connection is in effect. A subsequent re-connect to the same server or connect to a different server would require re-supplying of the USER= and PASSWORD= options.
Here is a Version 8 example for SAS/SHARE:
libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;
Here is a Version 8 example for SAS/CONNECT:
signon rmthost user=joeblack password=born2run;
As a security precaution, PASSWORD= field entries echoed in the log
are replaced with Xs. If _PROMPT_ was specified for entering the password,
the entry would not be displayed on the screen as it is typed.
In Version 6 and 7, the APPCSEC option is used to specify how users are authenticated when connecting between hosts using the APPC access method. On the local host, you may set the APPCSEC option to allow local hosts or clients whose userids and passwords have been verified to access a SAS/CONNECT remote host or a SAS/SHARE server. On the remote host, you must specify the APPCSEC option before you start a server.
The valid values for the APPCSEC option are:
APPCSEC=_NONE_ | _PROMPT_ | userid.password | _SECURE_ |
_PROMPT_ specifies that SAS prompt the user for userid and password information. If the communications directory file entry contains SECURITY.NONE, no prompting is performed.
When prompted for a userid, if you press the ENTER key without supplying one, then SAS uses the local userid. The userid is not obtained from UCOMDIR NAMES, SCOMDIR NAMES, or an APPCPASS CP directory statement as it is when _NONE_ is specified.
When prompted for a password, the input field is not displayed. If you press the ENTER key without supplying a password, one is obtained from UCOMDIR NAMES, SCOMDIR NAMES, or an APPCPASS CP directory statement. The behaviors of the _PROMPT_ and _NONE_ values are different.
This value optionally specifies the userid and the password. If you do not specify a userid, SAS uses the local userid. The userid is not obtained from UCOMDIR NAMES, SCOMDIR NAMES, or an APPCPASS CP directory statement as it is when _NONE_ is specified.
The _SECURE_ value for the APPCSEC option requires the SAS/SHARE client to supply a valid userid and password to the remote host on which the server is running in order to allow client access to the server.
APPCSEC is maintained by the user. If you assign the userid.password or password to the APPCSEC option and store the option in a disk file, you should make the file secure, for example, by using a read password on the disk. If you are running SAS/CONNECT or SAS/SHARE interactively, you can assign the userid and password to the APPCSEC option without a need for file security.
If you assign _PROMPT_ to the APPCSEC option, the userid and password cannot be revealed by writing it to either SASLOG or a console spool file.
You may use the APPCSEC option as the means to override the userid and
password information in the UCOMDIR NAMES or SCOMDIR NAMES file, or the APPCPASS
statement.
The SCOMDIR NAMES or UCOMDIR NAMES file can be used to specify userid and password security information. For more information about storing the userid and password in either of these files, for SAS/CONNECT, see Creating a Communications Directory File; for SAS/SHARE, see Creating a User Communications Directory File.
The UCOMDIR NAMES file is maintained by the user. If you store passwords in the file you should secure it, for example, by using a disk password.
For information about the UCOMDIR NAMES file, see System Configuration for the APPC Access Method for SAS/CONNECT. For
information about
the SCOMDIR NAMES file, see System Configuration for the APPC Access Method for SAS/SHARE.
The APPCPASS statement is used to specify userid and password security information in the local user's CP directory. See the IBM publication VM/ESA Connectivity Planning Administration and Operation (SC24-5448) for more information about APPCPASS.
The system administrator maintains an APPCPASS statement for each userid. It is secure because users must have privileged authority to access the CP directories of other users.
Chapter Contents |
Previous |
Next |
Top of Page |
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.