UNIX: TCP/IP Access Method
Task List
1. Configure the SAS/SHARE server service.
2. Specify SAS options and security programs and services (optional).
   a. If the server is to run secured, set the TCPSEC= option to require client authentication.
   b. Configure the authorization of users on servers.
   c. Configure the Authentication program.
   d. Configure the Permission program.
   e. Specify options to encrypt client/server data transfers.
3. Specify TCP/IP as the communications access method.
4. Specify the server.
Configuring the Server Service
Each server must be defined as a service in the /etc/services file on each node that a client will access. For details about editing the /etc/services file, see Configuring the SERVICES File.
Example:
sassrv2 5011/tcp # SAS/SHARE server 2
Setting the TCPSEC Option to Require Client Authentication
To authenticate connecting clients, you must specify the value _SECURE_ in the TCPSEC= option to require that clients provide a user ID and a password that are valid on the server. For details about the TCPSEC= option, see SAS/SHARE Options Only.
Example:
options TCPSEC=_secure_;
Configuring User Access Authority
If SAS was installed from the root account, you can assume that the following task has already been performed. If SAS was not installed from the root account, in order to verify a client's identity and the user's authority to access resources, you must configure resources on the computer that the server runs on. You can provide security on the server by using one of the following:
From the root account, to access the SAS Setup Primary menu, issue the following command at a shell prompt (where !sasroot is the directory in which SAS was installed):
!sasroot/sassetup
From the SAS Setup Primary menu, select the following:
  Run Setup Utilities
  Perform SAS System Configuration
  Configure User Authorization
Alternatively, issue the following commands at a UNIX shell prompt:
su root
cd !sasroot/utilities/bin
chown root sasauth sasperm sastcpd objspawn
chmod 4755 sasauth sasperm sastcpd objspawn
exit
Configuring the Authentication Program
To configure the Authentication program, !sasroot/utilities/bin/sasauth must be owned by root, and the "Set-user-id" mode bit must be set for the file (chmod 4755 !sasroot/utilities/bin/sasauth). The built-in Authentication program sasauth is started automatically when a client accesses a server that is secured. This program verifies the user ID and password that allow a client to access the server.
Configuring the Permission Program
To configure the Permission program, !sasroot/utilities/bin/sasperm must be owned by root, and the "Set-user-id" mode bit must be set for the file (chmod 4755 !sasroot/utilities/bin/sasperm).
When given a validated user ID, the server automatically runs the default program sasperm. The sasperm program verifies that the requesting user has access authority to the file or to the directory that is specified. sasperm validates:
the user ID
the file or the directory path for a SAS library or SAS file
the file or the directory access permissions (read or write)
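The following check is an added example, not part of the SAS documentation. It audits the four helper programs named above (sasauth, sasperm, sastcpd, objspawn) for the ownership and exact mode that the chown and chmod 4755 commands are meant to produce. The function name audit_sas_helpers and its optional OWNER argument are hypothetical.

```shell
#!/bin/sh
# Added example: verify the result of "chown root" and "chmod 4755" on the
# SAS helper programs. Function name and arguments are hypothetical.
#
# audit_sas_helpers DIR [OWNER]
#   DIR   - the !sasroot/utilities/bin directory
#   OWNER - expected owner (default: root; override only for testing)
# Prints one line per finding and returns the number of findings (0 = clean).
audit_sas_helpers() {
    dir=$1
    owner=${2:-root}
    findings=0
    for name in sasauth sasperm sastcpd objspawn; do
        f=$dir/$name
        # A symlink or missing file cannot carry the required owner and mode.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL $name: missing or not a regular file"
            findings=$((findings + 1))
            continue
        fi
        # find prints the path only when the predicate matches.
        if [ -z "$(find "$f" -prune -user "$owner")" ]; then
            echo "FAIL $name: not owned by $owner"
            findings=$((findings + 1))
        fi
        # -perm 4755 is an exact match: set-user-id on, writable by owner only.
        if [ -z "$(find "$f" -prune -perm 4755)" ]; then
            echo "FAIL $name: mode is not 4755"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage (substitute the real installation directory for !sasroot):
#   audit_sas_helpers '/path/to/sasroot/utilities/bin' || echo "review findings"
```

Because the mode test is exact, a helper left group- or world-writable (for example 4775) is reported as well as one that has lost its set-user-id bit.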
Encrypting Data in Server/Client Transfers
If an encryption service is configured at the server, you can specify SAS options to encrypt data that a server transfers to a client. For example:
options netencrypt netencryptalgorithm=ssl;
options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
The NETENCRYPT option specifies that all data transfers between a server and a client will be encrypted. SSL is the encryption service that is specified in the NETENCRYPTALGORITHM= option. The SSLCALISTLOC= option specifies the name of a file that contains a list of CA certificates that are to be trusted. For details about encryption, see Encryption in SAS.
Specifying TCP/IP as the Communications Access Method
You must specify the TCP/IP communications access method at the server before a client can access it. Use the COMAMID= option in an OPTIONS statement.
Example:
options comamid=tcp;
The COMAMID= option specifies the communications access method. TCP specifies the TCP/IP access method.
Alternatively, you can specify the COMAMID= option in a SAS start-up command or in a SAS configuration file.
Specifying the Server
You must specify the name of the server in the SERVER= option in the PROC SERVER statement. Here is the syntax:
SERVER=server-ID
server-ID can be either a server-ID or a port number. The value for server-ID corresponds to the service that was configured in the /etc/services file. For details, see Configuring the SERVICES File. port is the unique number that is associated with the service that is used for transferring data between a client and a server.
Precede the port number with two consecutive underscores.
Note: Do not space after the first underscore or the second underscore.
Note: Specifying a server by using a port number is not supported for ODBC clients.
Examples:
proc server server=apex;
proc server server=__5000;
For details about creating valid SAS names, see SAS Language Reference: Concepts. For details about PROC SERVER, see the SERVER procedure in the SAS/SHARE User's Guide.
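The following is an added example, not part of the SAS documentation. It resolves a SERVER= value to the TCP port it refers to, using the two forms described above: a service name defined in the services file, or a port number preceded by two consecutive underscores. The function names are hypothetical, and exact, case-sensitive matching of the service name is an assumption.

```shell
#!/bin/sh
# Added example: map a SERVER= value to its TCP port. Names are hypothetical.

# Sample services content; the entry is the one shown on this page.
sample_services() {
    printf '%s\n' 'sassrv2   5011/tcp   # SAS/SHARE server 2'
}

# resolve_server_id SERVER_ID [SERVICES_FILE]
# Prints the port and returns 0, or returns 1 if the value cannot be resolved.
resolve_server_id() {
    id=$1
    services=${2:-/etc/services}
    case $id in
        __*)
            # Port form: two underscores, then digits only, no spaces.
            port=${id#__}
            case $port in
                ''|*[!0-9]*|??????*) return 1 ;;
            esac
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
            echo "$port"
            ;;
        *)
            # Name form: match the service name or an alias with a /tcp entry.
            # Exact, case-sensitive matching is an assumption of this example.
            awk -v name="$id" '
                { sub(/#.*/, "") }              # strip trailing comments
                NF >= 2 && $2 ~ /\/tcp$/ {
                    for (i = 1; i <= NF; i++) {
                        if (i != 2 && $i == name) {
                            split($2, p, "/"); print p[1]; found = 1; exit
                        }
                    }
                }
                END { exit !found }
            ' "$services"
            ;;
    esac
}
```

Running the resolver against the services file on each node that a client will access shows whether a name such as sassrv2 is defined there and which port must be reachable.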
SAS/SHARE Server Example
The following example shows commands that you specify in the server configuration file on a UNIX computer. The value _SECURE_ that is specified in the TCPSEC option requires clients to provide a user ID and a password that are valid on the server.
-set TCPSEC _secure_
options comamid=tcp;
proc server id=share1;
run;
The COMAMID= option specifies the TCP/IP access method. The PROC SERVER statement specifies the server SHARE1.
Copyright © 2008 by SAS Institute Inc., Cary, NC, USA. All rights reserved.