Chapter Contents
Previous
Next
|
Chapter Contents |
Previous |
Next |
| Communications Access Methods for SAS/CONNECT and SAS/SHARE Software |
| Local Host Tasks |
| Remote Host Connection Considerations |
If you are connecting to a Windows 95, Windows 98, or Windows NT remote host, then you must connect by means of a spawner program that is already running on the remote host. If you are connecting to an OS/2, a UNIX, an OS/390, or an OpenVMS Alpha remote host, then you may connect by means of a spawner program that also is already running on the remote host. A spawner program allows the encryption of userids and passwords when passed through the network. Without a spawner, readable userids and passwords are passed through the network, which may present a security risk. See Spawner Programs for information about starting the spawner on the remote host.
You may also sign on to the remote host with a script file. If you do not sign on with a script file, as a security measure, set the USER= and PASSWORD= options in the SIGNON statement, which is passed to the remote host, allowing a local host connection.
Note: Setting the Version 7 TCPSEC variable at the local host will also
work. ![[cautionend]](../common/images/cautend.gif)
If the -NOSCRIPT option is set at the spawner invocation, sign on with a script is prohibited. Ask your network administrator whether the -NOSCRIPT option is set at the spawner invocation.
If you sign on to a host that is not a Windows NT, a Windows 95, a Windows 98, an OS/2, a UNIX, or an OS/390 host, you will sign on with a script.
| Configuring the Spawner Service in the SERVICES File |
To prepare for local hosts that connect to a UNIX, an OS/390, or an OpenVMS Alpha remote host with the spawner program, configure the spawner service in the SERVICES file at the local host. See Configuring the SERVICES File for more information.
| Setting Security for Local Hosts |
It is assumed that the local host and the remote host both run Windows NT 4.0 or a subsequent release and are included in an NT domain. Also, it is assumed that the user was authenticated through the domain controller.
A local host can use the same user context or a different user context when accessing a remote host. Users can establish user context by logging in to a remote host with their userids and passwords to access files that they have permission to access. However, users can also establish a different user context by logging in to a remote host with someone else's userid and password. Supplying someone else's userid and password gives permission to access files that they may be otherwise denied access to. A system administrator's userid and password is an example of a different context. Such a context does not belong to the user but can be granted to the user for access to particular files.
In order for a local host to connect to a remote host in the same user context, do not establish security by means of the USER= and PASSWORD= options in applicable statements or the TCPSEC option. The Windows NT native authentication facility transmits the user's context to the remote host when the user makes a connection.
In order for a local host to access a remote host with a different context, you must set security.
Set security at the local host by using either of the methods explained in Setting Security for SAS/CONNECT and SAS/SHARE. For Version 8 security behavior, specify the USER= and PASSWORD= options in the SIGNON statement. For details, see Providing Client Identification in a Version 8 Session.
For Version 7 security behavior, if you set the TCPSEC option at the local host, either specify a userid and a password that are valid on the remote host or specify _PROMPT_ to supply the userid and password when connecting to a remote host. For information about setting the TCPSEC option, see Providing Client Identification in a pre-Version 8 Session.
| Configuring Local and Remote Host Names and Internet Addresses |
You must specify the names and Internet addresses of the local and the remote hosts in the HOSTS file or by means of the name server. A name server program supplies name-to-address translation, mapping from domain names to IP addresses. The name server process often runs on a dedicated processor, and the host itself is referred to as the name server.
The format for a HOSTS file entry follows:
Internet-address host-name optional-alias
Example:
172.20.10.200 monarch local 172.20.10.201 omega remote
| Specifying the TCP/IP Communications Access Method |
Note: TCP/IP is the default communications
access method on the Windows platforms. You may omit specifying the access
method in a COMAMID statement and the TCP/IP access method is assumed, by
default.
If you specify the TCP/IP communications access method to make a remote host connection, use the following syntax:
OPTIONS COMAMID=access-method-id;
where COMAMID is an acronym for Communications Access Method Identification. access-method-id identifies the method used by the local host to communicate with the remote host. TCP (short for TCP/IP, which stands for Transmission Control Protocol/Internet Protocol) is an example of an access-method-id.
Example:
options comamid=tcp;
Alternatively, you may specify this option at a SAS invocation or in a SAS configuration file.
| Specifying the Remote Node Name |
To make a connection from a Windows local host to a remote host, use the following syntax:
OPTIONS REMOTE=node-name<.service-name>;
The value of node-name that you specify is based on the type of remote host that you are connecting to.
See Spawner Programs for information about the spawner program see Configuring the SERVICES File for information about configuring the spawner in the SERVICES file.
The value of the REMOTE= option must be a valid SAS name. See SAS Language Reference: Concepts for details about SAS naming rules.
Example:
options remote=rmtnode;
If you use an Internet address (or some other invalid SAS name), you must assign the address to a macro variable and specify the macro variable for the value of the REMOTE= option, as illustrated here:
%let node=Internet-address; options remote=node;
Do not choose a macro name that is also a valid host name on your network. SAS first attempts to reach a network host with the value of the REMOTE= option (in this example, MYNODE).
Example:
%let rmtnode=149.999.228.6; options remote=rmtnode;
| Identifying a Script File for Signing On and Signing Off |
To use one of the sample
script files that is supplied with SAS/CONNECT for
signing on and signing off, assign the RLINK fileref to the appropriate script
file, based on the remote host that you are connecting to. The sample scripts
are installed at !sasroot
\connect\saslink. You must
customize the sample scripts to accurately reflect your site logon process.
Failure to do so will produce errors.
The fileref syntax follows:
FILENAME RLINK '!sasroot\connect\saslink\script-name';
where script-name specifies the appropriate script file for the remote host.
The following table lists the scripts that are supplied by SAS Institute.
| Remote Host | Script Name |
|---|---|
| CMS | TCPCMS.SCR |
| CMS (using full-screen 3270 TELNET protocol) | TCPCMS32.SCR |
| OS/390 (with TSO) | TCPTSO.SCR |
| OS/390 (without TSO) | TCPMVS.SCR |
| OS/390 (using full-screen 3270 TELNET protocol) | TCPTSO32.SCR |
| OpenVMS | TCPVMS.SCR |
| OS/2 | TCPOS2.SCR |
| UNIX | TCPUNIX.SCR |
| Windows NT, Windows 95 , and Windows 98 | TCPWIN.SCR |
Example:
filename rlink '!sasroot\connect\saslink\tcpcms.scr';
Note: If you connect to a spawner program, you may optionally sign on with
a script file unless the spawner is invoked with the -NOSCRIPT option. In
this case, you cannot use a script file. With no script file, you will not
define an RLINK fileref. See Spawner Programs
for details about the spawner programs.
| Signing On to the Remote Host |
To complete your sign on to the remote host, enter the SIGNON statement, as follows:
signon user=_prompt_;To set security at the remote host, specify valid values for the USER= and PASSWORD= options in the SIGNON statement. For details, see Providing Client Identification in a Version 8 Session.
You can also SIGNON and identify a specific port number that a spawner monitors for a server. The specified port is used to pass data to and receive data from the server. The port number is specified with two preceding underscore (_) characters. For example, you can specify the port as 5000 using the SIGNON statement:
signon rmtnode._ _5000;
| Local Host Example |
The following example illustrates the statements that you specify in a Windows local host SAS session to connect to a remote host with the TCP/IP access method.
filename rlink '!sasroot\connect\saslink\tcpcms.scr'; options comamid=tcp remote=rmtnode; signon;
The first line identifies the script file that you use to sign on to a CMS remote host. The script file prompts for a userid and a password that are valid on the remote host. The TCP/IP communications access method is declared with a connection to the remote host RMTNODE.
| Remote Host Tasks |
| Starting the PC Spawner Program |
You must invoke the PC spawner program on a Windows NT, a Windows 95, or a Windows 98 remote host to enable local hosts to connect to it. The spawner program resides on a remote host, listening for SAS/CONNECT client requests for connection to the remote host. After the spawner program receives a request, it invokes the remote SAS session.
For Windows NT only, setting the -SECURITY option in the PC spawner invocation command secures the server.
The spawner then verifies the userid and the password against those that are assigned to the USER= and PASSWORD= options in the SIGNON statement or to the TCPSEC option. For information about setting security, see Setting Security for SAS/CONNECT and SAS/SHARE.
See Spawner Programs for information about starting the spawner on the remote host.
Note: If you set the -SECURITY option at the PC spawner invocation, inform local
users that they may need to set security on the local host.
| Remote Host Example |
You may set the following variables in a Windows NT, a Windows 95, or a Windows 98 remote host AUTOEXEC file to restrict port access:
options tcpportfirst=5020; options tcpportlast=5050;
These statements restrict access to ports 5020 through 5050.
The following example shows how the PC spawner is invoked on a Windows NT, a Windows 95, or a Windows 98 remote host:
c:\sas\connect\sasexe\spawner -comamid tcp -file mysas.cmd
The spawner is invoked and the TCP/IP access method is specified. The -FILE option executes the MYSAS.CMD file, which invokes a SAS session.
See PC Spawner Program for information about the contents of a command file and about executing the PC spawner. Options that are set by means of the spawner may override options that are set in a remote host configuration file.
|
Chapter Contents |
Previous |
Next |
 Top of Page |
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.