Communications Access Methods for SAS/CONNECT and SAS/SHARE Software

SHARE

Network Administrator, System Administrator and User

To use the APPC access method with an OS/390 host for SAS/CONNECT and SAS/SHARE, perform these tasks:

Verify that you have met all your site and software requirements.
Verify that the resources for the APPC access method have been defined.
Verify that you know how to set options in SAS software.
Set the SAS/CONNECT and SAS/SHARE options that you want.

System and Software Requirements for SAS/CONNECT and SAS/SHARE

Ensure that the following conditions have been met:

APPC has been installed at your site.
SAS is installed on both the local and remote hosts.
VTAM, Version 3, Release 2 or a subsequent release is running on your system.

Defining Resources for the APPC Access Method

Network Administrator

APPC is the IBM strategic enterprise connectivity solution. Based on System Network Architecture (SNA) logical unit type 6.2 (LU 6.2), APPC is the foundation for distributed processing within an SNA network. In this book, the term APPC is used to refer to the SNA LU 6.2 distributed processing method.

Before you can use SAS/CONNECT or SAS/SHARE with the APPC access method, you must first define APPC resources for the OS/390 system which allow it to behave as either a local or a remote host in a SAS/CONNECT session or as a SAS/SHARE server or client. See System Configuration for the APPC Access Method for SAS/CONNECT and System Configuration for the APPC Access Method for SAS/SHARE for details about resource configuration.

Understanding APPC Access Method Terminology

Familiarity with these terms will help you when you talk to your network administrator about SAS option settings.

LU (logical unit): is a device or program by which an end user (LU6.2 applications program) gains access to an APPC subsystem.
LU pool: is a group of LUs from which a single LU is dynamically selected and assigned to a requesting local host in a SAS/CONNECT session or to a requesting client in a SAS/SHARE session. Pool size is determined by the setting of the LUFIRST and LULAST options (see SAS/CONNECT and SAS/SHARE Options for information about these options). See System Configuration for the APPC Access Method for SAS/CONNECT and System Configuration for the APPC Access Method for SAS/SHARE for details about defining properties of the LU pool.

Setting SAS Options

You may need to set specific SAS options to establish the connections that you want with SAS/CONNECT and SAS/SHARE when using the APPC communications access method.

Consult with your network administrator to determine what options must be set and what values to assign to them.

You may specify an option in any of several forms:

in an OPTIONS statement in a SAS session or in an AUTOEXEC file
OPTIONS option-name=value;
Example:
```
options appcsec=_secure_;
```
in a SAS configuration file or at SAS invocation
option-name=value
Example:
```
appcsec=_secure_
```

Values for these options can contain up to eight characters, consisting of alphanumeric characters, the percent sign (%), the dollar sign ($), the pound sign (#), the at sign (@), and the underscore (_).

If you set multiple forms of the same option, here is the order of precedence that is followed:

OPTIONS statement

AUTOEXEC file

SAS invocation

SAS configuration file.

Setting Security for SAS/CONNECT and SAS/SHARE

For SAS/CONNECT, you must supply identifying information to sign on without a script to a remote host running a spawner program. A SAS/SHARE server, running secured, requires identification from each connecting client. The next two sections outline the version-specific methods for specifying client identification for SAS/CONNECT and SAS/SHARE.

Providing Client Identification in a Version 8 Session

In Version 8, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the USER= and PASSWORD= options. These options are valid in the following statements:

SIGNON

RSUBMIT

LIBNAME

PROC SQL
Connect to Remote

PROC OPERATE

(in the PROC statement)

set server

stop server

quiesce server

start server

display server

Specifying client identification in the APPCSEC option is still accepted but is not recommended in Version 8. The USER= and PASSWORD= options take precedence over the client APPCSEC option when both are specified. For example, a SAS/SHARE client's execution of a LIBNAME statement with values assigned to the USER= and PASSWORD= options would override a APPCSEC option setting in the same client SAS session.

Here is the syntax and definitions for these options:

USER | USERNAME | USERID | UID=username | _PROMPT_

Specifying these options allows a user on the local host whose username and password have been verified to access the remote host.

username

is a valid userid for the remote host and is thus host-dependent in form. If the value contains blanks or special characters, it must be enclosed in quotes.

password

is the password, if any, required for authentication of the supplied username. This value will not be echoed in the SAS log. If the value contains blanks or special characters, it must be enclosed in quotes.

_PROMPT_

specifies that the SAS System prompts the client for username and password.

Note: The values provided when prompted must NOT be quoted. [cautionend]

Specifying USER=_PROMPT_ and omitting the PASSWORD= specification will cause SAS to prompt you for both userid and password.

This is especially useful for allowing the SAS statements containing the USER= and PASSWORD= options to be copied and otherwise effectively reused by others.

For SAS/SHARE, the values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Additional accesses of the remote host while the connection to that host is still in effect do not require re-supplying of the USER= and PASSWORD= options. For example, while the first connecting library assign to a SAS/SHARE server may require specification of the options, subsequent assigns to the same server will not need specification of these options as long as the original connection is in effect. A subsequent re-connect to the same server or connect to a different server would require re-supplying of the USER= and PASSWORD= options.

Here is a Version 8 example for SAS/SHARE:

libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;

For SAS/CONNECT, these values are valid until SIGNOFF.

Here is a Version 8 example for SAS/CONNECT:

signon rmthost user=joeblack password=born2run;

As a security precaution, PASSWORD= field entries echoed in the log are replaced with Xs. If _PROMPT_ was specified for entering the password, the entry would not be displayed on the screen as it is typed.

Providing Client Identification in a pre-Version 8 Session

In Version 6 and Version 7, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the APPCSEC option. APPCSEC must be defined on the local host before you connect to the remote host (using the SIGNON statement) or access a SAS/SHARE server (using the LIBNAME statement).

Here is the syntax and description of this option.

APPCSEC=userid.password | _PROMPT_

userid.password

specifies the remote host userid and password and is thus host-dependent in form. If either the userid or password contains blanks or special characters, it must be enclosed in quotes. A period (.) is used as a delimiter between the userid and password and, therefore, is not a valid character.

_PROMPT_

specifies that the SAS system prompt the client for the userid and password.

Note: The values provided when prompted must NOT be quoted. [cautionend]
This technique is especially useful when the configuration file specifying this option is shared among many users.

Examples:

options appcsec=bass.time2go;
options appcsec=_prompt_;

Providing Userid-Based Security for a SAS/SHARE Server

The APPCSEC option also specifies whether the APPC access method performs user authentication before connecting to a SAS/SHARE server. The APPCSEC option must be set on the server before you start the SAS/SHARE server.

Here is the syntax and description of this option.

APPCSEC=_SECURE_ | _NONE_

_SECURE_: The _SECURE_ value for the APPCSEC option causes the APPC access method to attempt to authenticate connecting SAS/SHARE clients. Each client connecting using APPC is required to supply a userid and password valid for the host on which the server is running.
_NONE_: The _NONE_ value for the APPCSEC option causes the APPC access method to NOT attempt to authenticate connecting SAS/SHARE clients. This is the default action when APPCSEC has not been set.

Examples:

options appcsec=_secure_;
options appcsec=_none_;

SAS/CONNECT and SAS/SHARE Options

LU62MODE=mode

specifies the communications mode and its properties (for example, protocol and performance parameters). The default mode name is SASAPPC. Whether you assign a mode name to the option or you accept the default SASAPPC, you must define the mode in both the local session and the remote environments (on the local and the remote hosts in a SAS/CONNECT session or on the SAS/SHARE server and the clients, as necessary). Mode properties are defined through the MODEENT macro. See Defining the Logon Mode Table Entries for details about defining mode properties.

Ask your network administrator for advice about setting this option.

LUPREFIX=name

specifies an identifying prefix to attach to a value that is in the range defined by the LUFIRST and LULAST options. Combining LUPREFIX and a value in the range defined by the LUFIRST and LULAST options forms an ACBNAME, which is assigned to each LU pool member.

You can set this option only in a SAS configuration file or at a SAS invocation.

LUFIRST=n

specifies the beginning (numeric) boundary of the range to form the pool of LU names.

You can set this option only in a SAS configuration file or at a SAS invocation.

LULAST=n

specifies the final (numeric) boundary of the range to form the pool of LU names.

You can set this option only in a SAS configuration file or at a SAS invocation.

Example 1:

If you have a maximum pool size (or depth) of 99 LUs and you want an 8-byte ACBNAME LU name, select an LUPREFIX value that is 6 bytes long.

luprefix=sascon
lufirst=1
lulast=99

In this example, ACBNAME LU names (or LU pool names) range from SASCON01 (zero-filling is required) to SASCON99 (no zero-filling is required).

Example 2:

If you have a maximum pool size (or depth) of 9 LUs and you want an 8-byte ACBNAME LU name, select an LUPREFIX value that is 7 bytes long.

luprefix=sascont
lufirst=1
lulast=9

In this example, ACBNAME LU names (or LU pool names) range from SASCONT1 to SASCONT9 (no zero-filling is required).

Example 3:

If you have a maximum pool size (or depth) of 10 LUs and you want a 6-byte ACBNAME LU name, select an LUPREFIX value that is 4 bytes long.

luprefix=sasc
lufirst=1
lulast=10

In this example, LU pool names range from SASC01 (zero-filling is required) to SASC10 (no zero-filling is required).

You may also infer the pool size from the setting of the LULAST and LUFIRST options. Use the following formula:

pool-size= (LULAST - LUFIRST) + 1

Example:

pool-size=(99-1)+1=99

These option settings describe the pool of LUs from which an LU is dynamically selected when a local host connects to a SAS/CONNECT remote host or when a client accesses a SAS/SHARE server. For SAS/CONNECT only, these options are used only when pool use is enabled. See Options for SAS/CONNECT Only for information about the LUPOOL option.

For SAS/CONNECT only, instead of defining an LU pool, you may define a user-dedicated LU with the LUNAME option. This is explained in the next section.

Note: SAS/CONNECT does not support communication through the transaction program (TP) scheduler's LU that uses the APPC/MVS subsystem communication interfaces. Therefore, you must specify the LUPOOL= option. This release uses APPC/MVS subsystem services to invoke the remote SAS session. SAS/CONNECT opens a separate access method control block (ACB) and performs subsequent communication by means of the standard APPC/VTAM interface. [cautionend]

Options for SAS/CONNECT Only

LUNAME=name: defines a dedicated LU name (eight characters maximum) for use in the current session instead of a dynamically selected LU from an LU pool.

LUPOOL=USER | ALL
specifies when an LU should be dynamically selected from a pool.

The value USER enables pool use for local OS/390 SAS sessions. The value ALL enables pool use for both local and remote OS/390 SAS sessions. USER is the default.

Chapter Contents
Previous
Next
Top of Page

	OPTIONS statement
	AUTOEXEC file
	SAS invocation
	SAS configuration file.