Valid in: | configuration file, SAS invocation, metadata |
Categories: | Environment control: Initialization and operation |
System Administration: Security | |
PROC OPTIONS GROUP= | EXECMODES |
SECURITY | |
Default: | negotiate |
Restriction: | Windows operating environment only |
See: | SECPACKAGELIST System Option |
SSPI System Option |
-SECPACKAGE
"negotiate"
, the IOM server uses the SECPACKAGELIST
option to determine which package to use. SECPACKAGELIST specifies
the names of the security packages that can be used by the server
to authenticate incoming client connections. SECPACKAGE and SECPACKAGELIST
are required to support single sign-on (SSO) to IOM servers. The client
should initialize with a matching package name. Specifying an unknown
package name (such as "disable") will effectively disable SSO.
-sspi -secpackagelist "kerberos"In the preceding example, SECPACKAGE does not have to be specified because it defaults to
negotiate
.
The only protocol in the list to negotiate is Kerberos. Therefore,
all clients that connect to the server must use Kerberos or fail the
connection. It is important that the protocols of both the client
and server match. The client is also forced to use Kerberos if the
server displays only Kerberos in the package list.
-sspi -secpackagelist "ntlm"In the preceding example, SECPACKAGE does not have to be specified because it defaults to
negotiate
.
The only protocol in the list to negotiate is NTLM. Therefore, all
clients that connect to the server must use NTLM or fail the connection.
It is important that the protocols of both the client and server
match. The client is also forced to use NTLM if the server displays
only NTLM in the package list.