Chapter Contents


Communications Access Methods for SAS/CONNECT and SAS/SHARE Software

Version 8 Method to Provide User Identification

[IMAGE]Version 8 offers a new method to provide user identification to a SAS/CONNECT remote host and a SAS/SHARE server by means of the USER= and PASSWORD= options in the SIGNON or RSUBMIT statements in SAS/CONNECT and in the LIBNAME, Remote SQL Pass-Thru (RSPT), or PROC OPERATE statements in SAS/SHARE.

These security options can be set on any Version 8 local host accessing a remote host that runs any version of SAS. The USER= and PASSWORD= options to these statements are recommended and take precedence over the applicable security option, which varies by host and access method. SAS/CONNECT and SAS/SHARE security options are APPCSEC, APPC_SECURE, TCPSEC, and SASUSER and SASPASS.

If a Version 7 security option remains set on the local host, the Version 8 specification of USER= and PASSWORD= in a SAS/CONNECT statement overrides the previously set security option on the local host. For example, the Version 8 USER= and PASSWORD= options in the SIGNON statement will override the TCPSEC= _PROMPT_ option set on a local host for a non-scripted sign on to a spawner.

If a Version 8 local host does not set USER= and PASSWORD= options, the communications access method or host security option would remain in effect. If both the USER= and PASSWORD= options and a security option are specified, then the USER= and PASSWORD= options would take precedence.

Syntax and definitions are:


Specifying these options allows local hosts whose usernames and passwords have been verified to access the remote host.

Username is a valid userid on the remote host being accessed. On Windows NT only, the username can also include the domain name, which locates the specified username in a domain.

Password is a valid password on the remote host being accessed.

Supplying a userid and password by using the USER= and PASSWORD= options is more secure than assigning them by means of a security option (such as TCPSEC), which can be inadvertently publicized in a configuration file or in a log.

_PROMPT_ specifies that the SAS System prompts for userid and password. Hardcoding a username and password value to the USER= and PASSWORD= options limits the assignment to a single user whereas prompting permits any user to supply a username and password that are valid. Specifying only USER=_PROMPT_ implies that the SAS System will prompt for both a username and a password.

The values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Subsequent local host connections to the same remote host or to a different remote host require you to specify these options again. By contrast, as an example, the values assigned to TCPSEC in a local host configuration file endure for subsequent connections to the same remote host and to different remote hosts.

Here is a Version 8 example for SAS/CONNECT:

signon user=joeblack password=born2run; 

Here is a Version 8 example for SAS/SHARE:

libname test 'prog2 a' user=joeblue password='2muchfun' server=share1;

As a security precaution, PASSWORD= field entries echoed in the local host log are replaced with Xs. See the naming conventions identified in the SAS/SHARE User's Guide for guidelines on quoted passwords.

If _PROMPT_ is specified, when presented with the prompt for password during a remote host connection, the value entered would not be displayed on the screen.

Chapter Contents



Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.