Chapter Contents |
Previous |
Next |
Communications Access Methods for SAS/CONNECT and SAS/SHARE Software |
System and Software Requirements for SAS/CONNECT and SAS/SHARE |
Ensure that the following conditions have been met:
Defining Resources for the TCP/IP Access Method |
Setting SAS Options and Variables |
You may need to set specific variables in SAS to establish the connections that you want with SAS/CONNECT and SAS/SHARE when using the TCP/IP communications access method. Ask your network administrator for advice about these settings.
You may specify a SAS variable in one of these forms:
OPTIONS variable=value;
Example:
OPTIONS COMAMID=TCP;
%let variable-name=value;
Example:
%let tcpsec=_secure_;
GLOBALV SETL variable-name value
Example:
GLOBALV SETL TCPTN3270 1
For the global variable method, variable-name must be uppercase, and value may be mixed case.
Values for these variables can contain up to eight characters, consisting of alphanumeric characters, the percent sign (%), the dollar sign ($), the pound sign (#), the at sign (@), and the underscore (_).
If you set multiple forms of the same variable, this is the order of precedence that is followed:
OPTIONS statement | |
SAS macro variable | |
CMS global variable. |
Note: If you set the same
option using different forms, typically the
last option setting will take precedence and override an earlier option setting.
Setting Security for SAS/CONNECT and SAS/SHARE |
For SAS/CONNECT, you must supply identifying information to sign
on without a script to a remote host running a spawner program. A SAS/SHARE
server, running secured, requires identification from each connecting client.
The next two sections outline the version-specific methods for specifying
client identification for SAS/CONNECT and SAS/SHARE. The third section describes
how to configure your SAS/SHARE server to either require or not require connecting
clients to supply user identification.
In Version 8, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the USER= and PASSWORD= options. These options are valid in the following statements:
SIGNON |
RSUBMIT |
LIBNAME |
PROC
SQL
Connect to Remote |
PROC OPERATE
|
Specifying client identification in the TCPSEC variable is still accepted but is not recommended in Version 8. The USER= and PASSWORD= options take precedence over the client TCPSEC variable when both are specified. For example, a SAS/SHARE client's execution of a LIBNAME statement with values assigned to the USER= and PASSWORD= options would override a TCPSEC variable setting in the same client SAS session.
Here is the syntax and definitions for these options:
USER | USERNAME | USERID | UID=username | _PROMPT_ |
PASSWORD | PASSWD | PASS | PWD | PW=password | _PROMPT_ |
Specifying these options allows a user on the local side whose username and password have been verified to access the remote side.
Note: The values provided
when prompted must NOT be quoted.
Specifying USER=_PROMPT_ and omitting the PASSWORD= specification will cause SAS to prompt you for both userid and password.
This is especially useful for allowing the SAS statements containing the USER= and PASSWORD= options to be copied and otherwise effectively reused by others.
For SAS/SHARE, the values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Additional accesses of the remote host while the connection to that host is still in effect do not require re-supplying of the USER= and PASSWORD= options. For example, while the first connecting library assign to a SAS/SHARE server may require specification of the options, subsequent assigns to the same server will not need specification of these options as long as the original connection is in effect. A subsequent re-connect to the same server or connect to a different server would require re-supplying of the USER= and PASSWORD= options.
Here is a Version 8 example for SAS/SHARE:
libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;
For SAS/CONNECT, these values are valid until SIGNOFF.
Here is a Version 8 example for SAS/CONNECT:
signon rmthost user=joeblack password=born2run;
As a security precaution, PASSWORD= field entries echoed in the log
are replaced with Xs. If _PROMPT_ was specified for entering the password,
the entry would not be displayed on the screen as it is typed.
In Version 6 and Version 7, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the TCPSEC variable. TCPSEC must be defined on the local host before you connect to the remote host (using the SIGNON statement) or access a SAS/SHARE server (using the LIBNAME statement).
Here is the syntax and description of this variable.
TCPSEC=userid.password | _PROMPT_ |
Note: The value of TCPSEC will be set and displayed
like any other macro variable. Thus if the %LET statement that is used to
set the value of TCPSEC appears in the SAS log, the password will also appear
in plain text. Similarly, a %PUT statement will also print the password in
plain text.
Note: The values provided when prompted must NOT
be quoted.
This technique is especially useful when the configuration
file specifying this variable is shared among many users.
Examples:
%let tcpsec=bass.time2go; %let tcpsec=_prompt_;
The TCPSEC variable also specifies whether the TCP/IP access method performs user authentication before connecting to a SAS/SHARE server. The TCPSEC variable must be set before you start the server.
Here is the syntax and description of this variable.
TCPSEC=_SECURE_ | _NONE_ |
Examples:
%let tcpsec=_secure_; %let tcpsec=_none_;
SAS/CONNECT Only Options and Variables |
TCPPORTFIRST |
TCPPORTLAST |
The TCPPORTFIRST and TCPPORTLAST options restrict the range of TCP/IP ports through which local hosts can remotely connect to remote hosts.
These options must be set at the SAS/CONNECT remote host.
Define the range of TCP/IP ports by assigning a beginning range value to TCPPORTFIRST and an ending range value to TCPPORTLAST, within the range of 0 through 32767.
Consult with your network administrator for advice about these settings.
Use the following syntax for the configuration file:
TCPPORTFIRST n TCPPORTLAST nUse the following syntax for the AUTOEXEC file:
OPTIONS TCPPORTFIRST=n; OPTIONS TCPPORTLAST=n;
In the following example, the local host is restricted to TCP/IP ports 4020 through 4050 when making a remote host connection:
options tcpportfirst=4020; options tcpportlast=4050;
To restrict the range of ports to only one port, you may set the TCPPORTFIRST and TCPPORTLAST options to the same number.
Note: At the remote host, you may set TCPPORTFIRST and TCPPORTLAST in
an OPTIONS statement, at a SAS invocation, in the configuration file, or in
the AUTOEXEC file.
CMS | TCPCMS32.SCR |
MVS | TCPTSO32.SCR |
See Identifying a Script File for Signing On and Signing Off for information about these script files.
At the CMS local host, set the TCPTN3270 variable as follows:
GLOBALV SETL TCPTN3270 1
If you do not set this variable, the TCP/IP access method uses the TELNET line mode protocol by default.
SAS/SHARE Only Variable |
By default, a secure server accepts userids and passwords from clients in either encrypted or in plain text form. Being able to accept either form ensures compatibility with client sessions that are running earlier releases of SAS (releases prior to 6.09E).
To require only encrypted userids and passwords, you must set the CMS global variable AUTHENCR or a SAS macro variable. Requiring encryption ensures that all clients have been upgraded to Release 6.09E or to Release 6.11 of SAS software.
Setting the variable AUTHENCR in a server session enables encryption for clients that are connecting to a secure server. The values for this variable are:
AUTHENCR=OPTIONAL | REQUIRED |
See Setting SAS Options and Variables for examples of the forms that you can use to specify the AUTHENCR variable.
Chapter Contents |
Previous |
Next |
Top of Page |
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.