SAS/CONNECT User's Guide
Version 8 offers a new method to secure a SAS/CONNECT remote host by means of the USER= and PASSWORD= options to the SAS/CONNECT RSUBMIT and SIGNON statements.
These security options can be set on any Version 8 SAS/CONNECT local host accessing a remote host that runs any version of SAS. The USER= and PASSWORD= options to these statements are recommended and take precedence over the applicable security option, which varies by host and access method. SAS/CONNECT security options are APPCSEC, APPC_SECURE, TCPSEC, and SASUSER and SASPASS.
To establish SAS/CONNECT security in Version 8, you specify the USER= and PASSWORD= options in the appropriate statement on the local host.
If a Version 7 security option remains set on the local host, the Version 8 specification of USER= and PASSWORD= in a SAS/CONNECT statement overrides the previously set security option on the local host. For example, the Version 8 USER= and PASSWORD= options in the SIGNON statement will override the TCPSEC= _PROMPT_ option set on a UNIX local host for a non-scripted sign on to a spawner.
If a Version 8 local host does not set the USER= and PASSWORD= options, the communications access method or host security option remains in effect. If both the USER= and PASSWORD= options and a security option are specified, the USER= and PASSWORD= options take precedence.
Syntax and definitions are:
USER | USERNAME | USERID | UID= username | _PROMPT_
PASSWORD | PASSWD | PWD | PW= password | _PROMPT_
Specifying these options allows local hosts whose usernames and passwords have been verified to access the remote host.
Username is a valid userid on the remote host that is being accessed. On Windows NT only, the username can also include the domain name, which locates the specified username in a domain.
Password is a valid password on the remote host that is being accessed.
Supplying a userid and password by using the USER= and PASSWORD= options is more secure than assigning them by means of a security option (such as TCPSEC), which can be inadvertently publicized in a configuration file or in a log.
_PROMPT_ specifies that the SAS System prompts for userid and password. Hardcoding a username and password value to the USER= and PASSWORD= options limits the assignment to a single user whereas prompting permits any user to supply a username and password that are valid. Specifying only USER=_PROMPT_ implies that the SAS System will prompt for both a username and a password.
The values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Subsequent local host connections to the same remote host or to a different remote host require you to specify these options again. By contrast, the values assigned to TCPSEC in a local host configuration file, for example, endure for subsequent connections to the same remote host and to different remote hosts.
Here is a Version 8 example:
signon user=joeblack password=born2run;
As a security precaution, PASSWORD= field entries echoed in the local host log are replaced with Xs.
If _PROMPT_ is specified, the value entered at the password prompt during a remote host connection is not displayed on the screen.
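Because a hardcoded PASSWORD= value sits in clear text in the program source, it is worth auditing SAS programs for it. The following Python check is an added example, not part of the original SAS documentation; it flags SIGNON and RSUBMIT statements whose password option (any of the aliases listed above) is a literal rather than _PROMPT_. The sample program is constructed, and the statement splitting is a stated simplification.

```python
import re

# Password option aliases from the syntax above; _PROMPT_ means "ask the user".
PASSWORD_ALIASES = ("PASSWORD", "PASSWD", "PWD", "PW")
STATEMENTS = ("SIGNON", "RSUBMIT")

# Simplification (assumption): a statement is the text up to the next
# semicolon, so semicolons inside comments or quoted strings are not handled.
STATEMENT_RE = re.compile(r"[^;]+;")
PASSWORD_RE = re.compile(
    r"\b(?:" + "|".join(PASSWORD_ALIASES) + r")\s*=\s*(\"[^\"]*\"|'[^']*'|[^\s;]+)",
    re.IGNORECASE,
)


def find_hardcoded_passwords(source):
    """Return (line_number, redacted_statement) for every SIGNON or RSUBMIT
    statement whose password option holds a literal instead of _PROMPT_."""
    findings = []
    for match in STATEMENT_RE.finditer(source):
        raw = match.group(0)
        stmt = raw.lstrip()
        keyword = stmt.split(None, 1)[0].rstrip(";").upper()
        if keyword not in STATEMENTS:
            continue
        pw = PASSWORD_RE.search(stmt)
        if pw is None or pw.group(1).strip("\"'").upper() == "_PROMPT_":
            continue
        start = match.start() + len(raw) - len(stmt)
        line_number = source.count("\n", 0, start) + 1
        # Mask the value, as the SAS log does, so the report does not leak it.
        redacted = stmt[:pw.start(1)] + "XXXXXXXX" + stmt[pw.end(1):]
        findings.append((line_number, " ".join(redacted.split())))
    return findings


# Constructed sample program (not from the original page).
SAMPLE = """\
options comamid=tcp;
signon user=joeblack password=born2run;
signon user=_prompt_;
rsubmit uid=joeblack pw="born2run";
  proc print data=sashelp.class; run;
endrsubmit;
signon userid=joeblack passwd=_PROMPT_;
"""

if __name__ == "__main__":
    for line_number, statement in find_hardcoded_passwords(SAMPLE):
        print(f"line {line_number}: hardcoded password in: {statement}")
```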
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.