Chapter Contents

Previous

Next
SAS/CONNECT User's Guide

Version 8 Method to Secure the Remote Host

[IMAGE]Version 8 offers a new method to secure a SAS/CONNECT remote host by means of the USER= and PASSWORD= options to the SAS/CONNECT RSUBMIT and SIGNON statements.

These security options can be set on any Version 8 SAS/CONNECT local host accessing a remote host that runs any version of SAS. The USER= and PASSWORD= options to these statements are recommended and take precedence over the applicable security option, which varies by host and access method. SAS/CONNECT security options are APPCSEC, APPC_SECURE, TCPSEC, and SASUSER and SASPASS.

To establish SAS/CONNECT security in Version 8, you specify the USER= and PASSWORD= options in the appropriate statement on the local host.

If a Version 7 security option remains set on the local host, the Version 8 specification of USER= and PASSWORD= in a SAS/CONNECT statement overrides the previously set security option on the local host. For example, the Version 8 USER= and PASSWORD= options in the SIGNON statement will override the TCPSEC= _PROMPT_ option set on a UNIX local host for a non-scripted sign on to a spawner.

If a Version 8 local host does not set USER= and PASSWORD= options, the communications access method or host security option would remain in effect. If both the USER= and PASSWORD= options and a security option are specified, then the USER= and PASSWORD= options would take precedence.

Syntax and definitions are:

USER | USERNAME | USERID | UID= username | _PROMPT_
PASSWORD | PASSWD | PWD | PW= password | _PROMPT_

Specifying these options allows local hosts whose usernames and passwords have been verified to access the remote host.

Username is a valid userid on the remote host that is being accessed. On Windows NT only, the username can also include the domain name, which locates the specified username in a domain.

Password is a valid password on the remote host that is being accessed.

Supplying a userid and password by using the USER= and PASSWORD= options is more secure than assigning them by means of a security option (such as TCPSEC), which can be inadvertently publicized in a configuration file or in a log .

_PROMPT_ specifies that the SAS System prompts for userid and password. Hardcoding a username and password value to the USER= and PASSWORD= options limits the assignment to a single user whereas prompting permits any user to supply a username and password that are valid. Specifying only USER=_PROMPT_ implies that the SAS System will prompt for both a username and a password.

The values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Subsequent local host connections to the same remote host or to a different remote host require you to specify these options again. By contrast, as an example, the values assigned to TCPSEC in a local host configuration file endure for subsequent connections to the same remote host and to different remote hosts.

Here is a Version 8 example:

signon user=joeblack password=born2run; 

As a security precaution, PASSWORD= field entries echoed in the local host log are replaced with Xs.

If _PROMPT_ is specified, when presented with the prompt for password during a remote host connection, the value entered would not be displayed on the screen.


Chapter Contents

Previous

Next

Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.