Communications Access Methods for SAS/CONNECT and SAS/SHARE Software

Tasks That Are Common to SAS/CONNECT and SAS/SHARE

System Administrator or User

To use the TCP/IP access method with an OpenVMS host for SAS/CONNECT and SAS/SHARE, perform these tasks:

  1. Verify that you have met all your site and software requirements.

  2. Verify that you know how to set variables in SAS software.

  3. Set the SAS/CONNECT and SAS/SHARE variables.


System and Software Requirements for SAS/CONNECT and SAS/SHARE

The following sections describe the system requirements for using the TCP/IP access method, which supports two particular host platforms: VAX and AXP.

TCP/IP with OpenVMS on VAX

To use the TCP/IP access method with OpenVMS on a VAX system, you must have Version 5.3 or a subsequent version of OpenVMS and one of the following packages installed on any OpenVMS node that is used as a local or a remote host.

  1. DEC TCP/IP Services for OpenVMS, Version 2.0.

  2. Version 1.3a of VMS/ULTRIX Connection with the latest patch kit from Digital Equipment Corporation Customer Support Center or a subsequent version of VMS/ULTRIX Connection.

  3. Wollongong PathWay Runtime Version 1.1 through Version 3.5.

  4. TGV MultiNet Software with UCX compatibility.

  5. Process Software TCPware for OpenVMS with UCX compatibility.

  6. Any package that provides an interface that is compatible with DEC TCP/IP Services for OpenVMS, formerly known as UCX.


TCP/IP with OpenVMS on AXP

To use the TCP/IP access method with OpenVMS on an AXP system, your system must be running Release 6.09 or a subsequent release of SAS/CONNECT or SAS/SHARE and one of the following:

  1. DEC TCP/IP Services for OpenVMS, Version 3.0 or a subsequent release.

  2. TGV MultiNet Software with UCX compatibility.

  3. Wollongong PathWay with UCX compatibility, Version 1.1 through Version 3.5.

  4. Process Software TCPware for OpenVMS with UCX compatibility.

  5. Any package that provides an interface that is compatible with DEC TCP/IP Services for OpenVMS, Version 3.0 or a subsequent release.


Setting SAS Options and Variables

You may need to set specific SAS options and variables to allow the desired connections with SAS/CONNECT or SAS/SHARE when using the TCP/IP communications access method.

Consult with your network administrator to determine what variables must be set and what values to assign to them.

You may specify a SAS variable in one of these forms:

Values for these variables can contain up to eight characters, consisting of alphanumeric characters, the percent sign (%), the dollar sign ($), the pound sign (#), the at sign (@), and the underscore (_).

Note: If you set the same variable using different forms, typically the last variable setting will take precedence and override an earlier variable setting.

Displaying SAS System Option Settings

To display the settings of the SAS system options in the SAS log, use the OPTIONS procedure. The following statement produces a list of options with a brief explanation of what each option does:

proc options; run;


Setting Security for SAS/CONNECT and SAS/SHARE

For SAS/CONNECT, you must supply identifying information to sign on without a script to a remote host running a spawner program. A SAS/SHARE server, running secured, requires identification from each connecting client. The next two sections outline the version-specific methods for specifying client identification for SAS/CONNECT and SAS/SHARE. The third section describes how to configure your SAS/SHARE server to either require or not require connecting clients to supply user identification.

Providing Client Identification in a Version 8 Session

In Version 8, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the USER= and PASSWORD= options. These options are valid in the following statements:

  SIGNON
  RSUBMIT
  LIBNAME
  PROC SQL
      Connect to Remote
  PROC OPERATE
      (in the PROC statement)
      set server
      stop server
      quiesce server
      start server
      display server

Specifying client identification in the TCPSEC variable is still accepted but is not recommended in Version 8. The USER= and PASSWORD= options take precedence over the client TCPSEC variable when both are specified. For example, a SAS/SHARE client's execution of a LIBNAME statement with values assigned to the USER= and PASSWORD= options would override a TCPSEC variable setting in the same client SAS session.

Here are the syntax and definitions for these options:

USER | USERNAME | USERID | UID=username | _PROMPT_

PASSWORD | PASSWD | PASS | PWD | PW=password | _PROMPT_

Specifying these options allows a user on the local host whose username and password have been verified to access the remote host.

username
is a valid userid for the remote host and is thus host-dependent in form. If the value contains blanks or special characters, it must be enclosed in quotes.

password
is the password, if any, required for authentication of the supplied username. This value will not be echoed in the SAS log. If the value contains blanks or special characters, it must be enclosed in quotes.

_PROMPT_
specifies that the SAS System prompts the client for username and password.

Note: The values provided when prompted must NOT be quoted.

Specifying USER=_PROMPT_ and omitting the PASSWORD= specification will cause SAS to prompt you for both userid and password.

Prompting is especially useful because it allows SAS statements that contain the USER= and PASSWORD= options to be copied and reused by others.

For SAS/SHARE, the values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Additional accesses of the remote host while the connection to that host is still in effect do not require the USER= and PASSWORD= options to be supplied again. For example, while the first library assignment to a SAS/SHARE server may require these options, subsequent assignments to the same server do not need them as long as the original connection is in effect. A subsequent reconnection to the same server, or a connection to a different server, requires the USER= and PASSWORD= options to be supplied again.

Here is a Version 8 example for SAS/SHARE:

libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;

For SAS/CONNECT, these values are valid until SIGNOFF.

Here is a Version 8 example for SAS/CONNECT:

signon rmthost user=joeblack password=born2run;

As a security precaution, PASSWORD= field entries echoed in the log are replaced with Xs. If _PROMPT_ is specified for entering the password, the entry is not displayed on the screen as it is typed.

Providing Client Identification in a pre-Version 8 Session

In Version 6 and Version 7, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the TCPSEC variable. TCPSEC must be defined on the local host before you connect to the remote host (using the SIGNON statement) or access a SAS/SHARE server (using the LIBNAME statement).

Here is the syntax and description of this variable.

TCPSEC:==userid.password | _PROMPT_

userid.password
specifies the remote host userid and password and is thus host-dependent in form. If either the userid or password contains blanks or special characters, it must be enclosed in quotes. A period (.) is used as the delimiter between the userid and password and is therefore not a valid character in either value.

_PROMPT_
specifies that the SAS system prompt the client for the userid and password.

Note: The values provided when prompted must NOT be quoted.

This technique is especially useful when the configuration file specifying this variable is shared among many users.

Examples:

TCPSEC:==bass.time2go
TCPSEC:==_PROMPT_
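
A check a reviewer can run over SAS programs and OpenVMS command files to find credentials stored in the USER=/PASSWORD= and TCPSEC forms described above, where _PROMPT_ would avoid storing them. This is an added example, not SAS Institute code; the function name and the sample text (built from this page's example statements) are constructed for illustration, and comment handling is not attempted.

```python
import re

# Option aliases exactly as listed on this page.
PASS_OPT = r"(?:PASSWORD|PASSWD|PASS|PWD|PW)"
VALUE = r"""("[^"]*"|'[^']*'|[^\s;]+)"""  # quoted string or bare token

# (kind, pattern, values that are not stored secrets)
RULES = [
    ("PASSWORD= literal",
     re.compile(rf"\b{PASS_OPT}\s*=\s*{VALUE}", re.I), {"_PROMPT_"}),
    ("TCPSEC userid.password",
     re.compile(rf"\bTCPSEC\s*:==\s*{VALUE}", re.I), {"_PROMPT_", "_SECURE_"}),
]

def find_embedded_credentials(text):
    """Return (line_no, kind, masked_line) for each stored credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, rx, safe in RULES:
            m = rx.search(line)
            if m and m.group(1).strip("\"'").upper() not in safe:
                # Mask the value so the report itself does not leak it.
                masked = line[:m.start(1)] + "XXXXXXXX" + line[m.end(1):]
                findings.append((no, kind, masked.strip()))
    return findings

# Constructed input built from this page's own example statements.
SAMPLE = """\
libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;
signon rmthost user=joeblack password=born2run;
signon rmthost user=_prompt_;
libname test 'prog2 a' uid=joeblue pw=_PROMPT_ server=share1;
TCPSEC:==bass.time2go
TCPSEC:==_PROMPT_
TCPSEC:==_SECURE_
"""

if __name__ == "__main__":
    for no, kind, masked in find_embedded_credentials(SAMPLE):
        print(f"line {no}: {kind}: {masked}")
```

Only the three lines that carry a literal password are reported; the _PROMPT_ and _SECURE_ forms pass.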

Providing Userid-Based Security for a SAS/SHARE Server

The TCPSEC variable also specifies whether the TCP/IP access method performs user authentication before connecting to a SAS/SHARE server. The TCPSEC variable must be set on the server before you start the SAS/SHARE server.

Here is the syntax and description of this variable.

TCPSEC:==_SECURE_

_SECURE_
The _SECURE_ value for the TCPSEC variable causes the TCP/IP access method to attempt to authenticate connecting SAS/SHARE clients. Each client connecting using TCP/IP is required to supply a userid and password valid for the host on which the server is running.

Examples:

TCPSEC:==_SECURE_


SAS/CONNECT Only Options and Variables

TCPPORTFIRST
TCPPORTLAST

The TCPPORTFIRST and TCPPORTLAST options restrict the range of TCP/IP ports through which local hosts can remotely connect to remote hosts.

These options must be set at the SAS/CONNECT remote host.

Define the range of TCP/IP ports by assigning a beginning range value to TCPPORTFIRST and an ending range value to TCPPORTLAST, within the range of 0 through 32767.

Consult with your network administrator for advice about these settings.

Use the following syntax for the configuration file or SAS invocation:

/TCPPORTFIRST=n /TCPPORTLAST=n 

In the following example, the local host is restricted to TCP/IP ports 4020 through 4050 when making a remote host connection:

/tcpportfirst=4020;
/tcpportlast=4050;

To restrict the range of ports to only one port, you may set the TCPPORTFIRST and TCPPORTLAST options to the same number.

Note: On the remote host, you may set TCPPORTFIRST and TCPPORTLAST at a SAS invocation or in the configuration file.

TCPTN3270

TCPTN3270 is an environment variable that is set on the local host to support connections to CMS and OS/390 remote hosts that use the full-screen 3270 TELNET protocol. The following sample script files are provided with SAS/CONNECT:

  CMS       TCPCMS32.SCR
  OS/390    TCPTSO32.SCR

See Identifying a Script File for Signing Off and Signing On for more information about these script files.

Note: You must use the environment variable form to set TCPTN3270.

To set the TCPTN3270 variable, enter the following command on the OpenVMS local host:

TCPTN3270:==1

If this variable is not set, the TCP/IP access method will use the TELNET line mode protocol by default.


SAS/SHARE AUTHENCR Variable

AUTHENCR:==OPTIONAL | REQUIRED

or

%let AUTHENCR=OPTIONAL | REQUIRED;

By default, a secure server accepts userids and passwords from clients in either encrypted or plain text form. The option to accept either form ensures compatibility with client sessions running older releases of SAS software.

To require only encrypted userids and passwords, you must set the AUTHENCR environment variable or a SAS macro variable. Requiring encryption requires that all clients have been upgraded to Release 6.11 or the 6.09 Enhanced Release of SAS software.

Setting this variable in a server session enables encryption for clients connecting to a secured server. The values for this variable follow:

OPTIONAL
means that a client can optionally encrypt the username and password that it sends to the server. This is the default. When using the default, the server allows connections both from clients that are capable of encryption and from clients that are incapable of it because they are running earlier versions of SAS that do not support encryption (releases prior to both the 6.09 Enhanced Release and Release 6.11).

REQUIRED
means that each client must encrypt the username and the password that it sends to the server.

See Setting SAS Options and Variables for examples of the forms that you can use to specify the AUTHENCR variable.
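
A pre-start audit of a SAS/SHARE server's settings, combining the TCPSEC _SECURE_ requirement with AUTHENCR and the "last setting wins" note from earlier on this page. This is an added example, not SAS Institute code; the function names and sample lines are constructed, and treating the last assignment as the effective one is an assumption based on the page's "typically" wording.

```python
import re

# The two setting forms this page shows: NAME:==value and %let NAME=value;
# A leading "$" (DCL command-procedure prompt) is tolerated.
SETTING_RE = re.compile(
    r"^\s*(?:%let\s+(?P<m>\w+)\s*=\s*(?P<mv>[^;]*);"
    r"|\$?\s*(?P<s>\w+)\s*:==\s*(?P<sv>\S+))",
    re.I,
)

def effective_settings(lines):
    """Collapse assignments in order; a later one overrides an earlier one
    (assumption: the page says this is typical, not guaranteed)."""
    settings = {}
    for line in lines:
        m = SETTING_RE.match(line)
        if m:
            name = (m.group("m") or m.group("s")).upper()
            value = m.group("mv") if m.group("m") else m.group("sv")
            settings[name] = value.strip().upper()
    return settings

def audit_share_server(lines):
    """Return the weaknesses found in a server session's settings."""
    s = effective_settings(lines)
    issues = []
    if s.get("TCPSEC") != "_SECURE_":
        issues.append("TCPSEC is not _SECURE_: clients are not authenticated")
    # OPTIONAL is the documented default when AUTHENCR is unset.
    if s.get("AUTHENCR", "OPTIONAL") != "REQUIRED":
        issues.append("AUTHENCR is not REQUIRED: plain-text credentials accepted")
    return issues

# Constructed samples: a later %let silently weakens an earlier symbol.
OVERRIDDEN = ["$ TCPSEC:==_SECURE_", "$ AUTHENCR:==REQUIRED",
              "%let AUTHENCR=OPTIONAL;"]
HARDENED = ["$ TCPSEC:==_SECURE_", "%let AUTHENCR=REQUIRED;"]

if __name__ == "__main__":
    for name, cfg in (("overridden", OVERRIDDEN), ("hardened", HARDENED)):
        print(name, audit_share_server(cfg) or "ok")
```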


Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.