Chapter Contents


SAS/CONNECT User's Guide

Version 8 Method to Secure the Remote Host

[IMAGE]Version 8 offers a new method to secure a SAS/CONNECT remote host by means of the USER= and PASSWORD= options to the SAS/CONNECT RSUBMIT and SIGNON statements.

These security options can be set on any Version 8 SAS/CONNECT local host accessing a remote host that runs any version of SAS. The USER= and PASSWORD= options to these statements are recommended and take precedence over the applicable security option, which varies by host and access method. SAS/CONNECT security options are APPCSEC, APPC_SECURE, TCPSEC, and SASUSER and SASPASS.

To establish SAS/CONNECT security in Version 8, you specify the USER= and PASSWORD= options in the appropriate statement on the local host.

If a Version 7 security option remains set on the local host, the Version 8 specification of USER= and PASSWORD= in a SAS/CONNECT statement overrides the previously set security option on the local host. For example, the Version 8 USER= and PASSWORD= options in the SIGNON statement will override the TCPSEC= _PROMPT_ option set on a UNIX local host for a non-scripted sign on to a spawner.

If a Version 8 local host does not set USER= and PASSWORD= options, the communications access method or host security option would remain in effect. If both the USER= and PASSWORD= options and a security option are specified, then the USER= and PASSWORD= options would take precedence.

Syntax and definitions are:


Specifying these options allows local hosts whose usernames and passwords have been verified to access the remote host.

Username is a valid userid on the remote host that is being accessed. On Windows NT only, the username can also include the domain name, which locates the specified username in a domain.

Password is a valid password on the remote host that is being accessed.

Supplying a userid and password by using the USER= and PASSWORD= options is more secure than assigning them by means of a security option (such as TCPSEC), which can be inadvertently publicized in a configuration file or in a log .

_PROMPT_ specifies that the SAS System prompts for userid and password. Hardcoding a username and password value to the USER= and PASSWORD= options limits the assignment to a single user whereas prompting permits any user to supply a username and password that are valid. Specifying only USER=_PROMPT_ implies that the SAS System will prompt for both a username and a password.

The values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Subsequent local host connections to the same remote host or to a different remote host require you to specify these options again. By contrast, as an example, the values assigned to TCPSEC in a local host configuration file endure for subsequent connections to the same remote host and to different remote hosts.

Here is a Version 8 example:

signon user=joeblack password=born2run; 

As a security precaution, PASSWORD= field entries echoed in the local host log are replaced with Xs.

If _PROMPT_ is specified, when presented with the prompt for password during a remote host connection, the value entered would not be displayed on the screen.

Chapter Contents



Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.