Communications Access Methods for SAS/CONNECT and SAS/SHARE Software

SHARE

System Administrator or User

To use the TCP/IP access method with an OS/390 host for SAS/CONNECT and SAS/SHARE, perform these tasks:

Verify that you have met all your site and software requirements.
Verify that the resources for the TCP/IP access method have been defined.
Verify that you know how to set SAS options.
Set the SAS/CONNECT and SAS/SHARE options that you want.

System and Software Requirements for SAS/CONNECT and SAS/SHARE

SAS/CONNECT and SAS/SHARE require the SAS/C Transient Library when running SAS Release 6.08 TS405 and subsequent releases. (The SAS/C Transient Library is provided with SAS/CONNECT and SAS/SHARE.)

Note: If your site has installed Release 5.50 of the SAS/C Transient Library, you must replace it with the transient library that is included with SAS/CONNECT and SAS/SHARE. See Installing the SAS/C Transient Library for details. [cautend]

SAS/CONNECT and SAS/SHARE also require the Interlink SNSTCP, Version 4.1 or a subsequent release and IBM TCP/IP, Version 3.2 or a subsequent release.

Defining Resources for the TCP/IP Access Method

System Administrator, SAS Site Representative, Applications Programmer, or User: Before you can use SAS/CONNECT or SAS/SHARE with the TCP/IP access method, you must first define TCP/IP resources for the OS/390 system. See System Configuration for the TCP/IP Access Method for the tasks that you perform to define resources for SAS/CONNECT and SAS/SHARE.

Understanding TCP/IP Access Method Terminology

Familiarity with these terms will help you when you set SAS options:

name resolution: The process of mapping a host name to an address. The domain name system provides a facility for naming hosts in which programs use remote name servers to resolve host names into IP addresses for those hosts.
name server: The server program that supplies name-to-address translation, mapping from domain names to IP addresses. The server processor often runs on a dedicated processor, and the host itself is referred to as the name server.
name resolver: The client software that uses one or more name servers when translating a host name.

For a complete discussion of TCP/IP, see Internetworking with TCP/IP, Volume I: Principles, Protocols, and Architecture, Second Edition from IBM.

Setting SAS Options and Variables

You may need to set specific SAS options and variables to establish the desired connections with SAS/CONNECT and SAS/SHARE when using the TCP/IP communications access method.

Consult with your network administrator to determine what options must be set and what values to assign to them.

You may specify an option in several forms, as follows:

OPTIONS statement in a SAS AUTOEXEC file or in a SAS session:
OPTIONS variable=value;
Example:
```
OPTIONS COMAMID=TCP;
```
option in a SAS configuration file or at a SAS invocation:
option-name=value
Example:
```
tcppipmch=tcpip
```
SAS macro variable:
%LET variable=value;
Example:
```
%let tcpipmch=tcpip;
```
CLIST variable:
Add option-name(default value) to the SAS CLIST. Then add option-name(current value) at a SAS invocation.
Example CLIST:
```
tcpipmch(tcpip)            /* TCP options */ +
```
Specify the CLIST at the SAS invocation as follows:
```
sas tcpipmch(tcpip) o('dmr comamid=tcp noterminal')
```
environment variables in a SASCTCPV data set:
Add environment_variable=value to the SASCTCPV data set. See Setting SAS/C Environment Variables with the SASCTCPV DDname for more information about this data set.

Values for these options may contain up to eight characters, consisting of alphanumeric characters, the percent sign (%), the dollar sign ($), the pound sign (#), the at sign (@), and the underscore (_).

Note: If you set the same option using different forms, typically the last option setting will take precedence and override an earlier option setting. [cautend]

Displaying SAS System Option Settings

To display the settings of the SAS system options in the SAS log, use the OPTIONS procedure. The following statement produces a list of options with a brief explanation of what each option does:

proc options;
run;

SAS/CONNECT and SAS/SHARE Options

You may set these options at the SAS/CONNECT local and remote hosts and at the SAS/SHARE client and server.

ICSRSLV = ONLY | FIRST | LAST | NEVER

Specifies when or if the ICS name resolver is called to resolve an Internet address to a host name.

Note: This option is available for Interlink TCP/IP sites only. [cautend]

ONLY: specifies that only the ICS name resolver is called.
FIRST: specifies that the ICS name resolver is called first. If an error occurs, then the SAS/C resolver is called.
LAST: specifies that the SAS/C resolver is called first. If an error occurs, then the ICS name resolver is called.
NEVER: specifies that the ICS name resolver is never called. The SAS/C resolver is always called.

See Understanding the Search Order for Locating Host Names and Internet Addresses for details about the resolver.

Note: You may set ICSRSLV in a SAS configuration file, at a SAS invocation, or in a CLIST variable. [cautend]

TCPIPMCH=value

identifies which version of TCP/IP to use at sites that simultaneously run multiple versions of TCP/IP.

If the TCPIPMCH option is not defined, SAS uses the name of the address space that is running TCP/IP. If the Interlink TCP/IP is used, then SAS uses the value ACSS. For all other versions of TCP/IP, SAS uses the value TCPIP.

Note: You may set TCPIPMCH in a SAS configuration file, at a SAS invocation, or in a CLIST variable. [cautend]

TCPIPPRF=name

allows you to devise a naming convention for a data set at your site by attaching a descriptive prefix to data set names. For example, to attach the descriptive prefix SYS2.VER2.TCP to the configuration file ETC.HOSTS set the TCPIPPRF option as follows:

TCPIPPRF=SYS2.VER2.TCP

This option setting produces the data set name SYS2.VER2.TCP.ETC.HOSTS.

Note: The TCPIPPRF option initializes a data set prefix for the current SAS session. You must set this option each time you invoke a SAS session on the local and the remote hosts in a SAS/CONNECT session and at the SAS/SHARE server and client. [cautend]

Note: You may set TCPIPPRF in a SAS configuration file, at a SAS invocation, or in a CLIST variable. [cautend]

TCPSEC=_NONE_ | _PROMPT_ | userid<.password> | _SECURE_

For SAS/CONNECT, you must set the TCPSEC option to sign on to a remote host by means of a spawner program instead of with a script file. Setting the TCPSEC option allows local hosts whose userids and passwords have been verified to access the remote host that you want. See Spawner Programs for more information about spawner programs.

For SAS/SHARE, you must set the TCPSEC option in order to access a secure SHARE server. Setting the TCPSEC option allows local clients whose userids and passwords have been verified to access the server that you want.

Values that you may set at a SAS/CONNECT local host and a remote host or at a SAS/SHARE client and a server follow:

_NONE_

must be set at the SAS/SHARE client. This is the default.

Setting this value does not establish secure sessions for connecting SAS/CONNECT local hosts or SAS/SHARE clients.

_PROMPT_

must be set at the SAS/CONNECT local host and at the SAS/SHARE client.

_PROMPT_ causes SAS to prompt the user for userid and password information. When prompted for a password, the input field is not displayed. Choosing to prompt for a userid and a password provides more security than assigning the userid and password to the system option.

userid<.password>

must be set at the SAS/CONNECT local host and at the SAS/SHARE client.

This value specifies both the userid and password. Assigning the userid and password directly to the TCPSEC option at the SAS/SHARE client may inadvertently publicize this information and compromise the security of the SAS/SHARE server. Assigning the value to the option in a file allows anyone to read it.

Optionally, you may assign userid to TCPSEC and prompt only for password.

_SECURE_

must be set at the SAS/SHARE server only.

The _SECURE_ value for the TCPSEC option requires a SAS/SHARE client to supply both a valid userid and password to the remote host or to the remote host on which the server is running in order to allow client access to the server.

Examples:

TCPSEC=_NONE_;
TCPSEC=_PROMPT_;
TCPSEC=bass.timego;
TCPSEC=SECURE;

Note: You may set the TCPSEC option in a SAS configuration file, at a SAS invocation, in a SAS macro variable, or in a CLIST variable. [cautend]

SAS/CONNECT Only Options and Variables

TCPPORTFIRST

TCPPORTLAST

The TCPPORTFIRST and TCPPORTLAST SAS options restrict the range of TCP/IP ports through which local hosts can remotely connect to remote hosts.

These options must be set at the SAS/CONNECT remote host only.

Define the range of TCP/IP ports by assigning a beginning range value to TCPPORTFIRST and an ending range value to TCPPORTLAST, within the range of 0 through 32767.

Consult with your network administrator for advice about these settings.

Use the following syntax for the configuration file:

TCPPORTFIRST=n
TCPPORTLAST=n

Use the following syntax for the AUTOEXEC file:

OPTIONS TCPPORTFIRST=n;
OPTIONS TCPPORTLAST=n;

In the following example, the local host is restricted to TCP/IP ports 4020 through 4050 when making a remote host connection:

options tcpportfirst=4020;
options tcpportlast=4050;

To restrict the range of ports to only one port, you may set the TCPPORTFIRST and TCPPORTLAST options to the same number.

Note: At the remote host, you may set TCPPORTFIRST and TCPPORTLAST in an OPTIONS statement, at a SAS invocation, in the configuration file, or in the AUTOEXEC file. [cautend]

TCPTN3270

TCPTN3270 is an environment variable that is set on the local host to support connections to CMS and OS/390 remote hosts that use the full-screen 3270 TELNET protocol. The following sample script files are provided:

CMS TCPCMS32

OS/390 TCPTSO32

See Identifying a Script File for Signing On and Signing Off for more information.

To set the TCPTN3270 variable, perform the following tasks at the OS/390 local host:

Set the TCPTN3270 CLIST variable at the local host.
Add TCPTN3270(1) to the SAS CLIST.

Example CLIST:

tcptn3270(1)

If you do not set this variable, the TCP/IP access method uses the TELNET line mode protocol by default.

SAS/SHARE Only Option

By default, a secure server accepts userids and passwords from clients in either encrypted or plain text form. The option to accept either form ensures compatibility with client sessions running older releases of SAS/SHARE.

To require only encrypted userids and passwords, you must set the AUTHENCR option as an environment variable or a SAS macro variable. Requiring encryption ensures that all clients have been upgraded to Release 6.11 or the 6.09 Enhanced Release of SAS.

Setting this option in a server session enables encryption for clients connecting to a secured server. The values for this option follow:

AUTHENCR=OPTIONAL | REQUIRED

OPTIONAL

means that a client can optionally encrypt the username and the password that it sends to the server. This is the default. When using the default, the server allows connections from clients that are capable of encryption and from clients that are incapable of using encryption because they are running earlier releases of SAS (releases prior to the 6.09E and 6.11) that do not support encryption.

REQUIRED

means that each client must encrypt the username and password that it sends to the server.

See Setting SAS Options and Variables for examples of the forms you can use to specify the AUTHENCR option.

Chapter Contents
Previous
Next
Top of Page