Valid in: | configuration file, SAS invocation, metadata |
Categories: | System Administration: Security |
Environment control: Initialization and operation | |
PROC OPTIONS GROUP= | EXECMODES |
SECURITY | |
Default: | "Kerberos,NTLM" |
Restriction: | Windows operating environment only |
See: | SECPACKAGE System Option |
SSPI System Option |
negotiate
.
The IOM server requires these two security package options to support
single sign-on (SSO) to IOM servers. The connecting client should
initialize with a security package name that matches what you have
specified on the server. The negotiate
value
allows the client and server to negotiate a site-specific package
to use.
-sspi -secpackagelist "kerberos"In the preceding example, SECPACKAGE does not have to be specified because it defaults to
negotiate
.
The only protocol in the list to negotiate is Kerberos. Therefore,
all clients that connect to the server must use Kerberos or fail the
connection. It is important that the protocols of both the client
and server match. The client is also forced to use Kerberos if the
server displays only Kerberos in the package list.
-sspi -secpackagelist "ntlm"In the preceding example, SECPACKAGE does not have to be specified because it defaults to
negotiate
.
The only protocol in the list to negotiate is NTLM. Therefore, all
clients that connect to the server must use NTLM or fail the connection.
It is important that the protocols of both the client and server
match. The client is also forced to use NTLM if the server displays
only NTLM in the package list.