Previous Page | Next Page

Windows: TCP/IP Access Method

Data Security for SAS/CONNECT or SAS/SHARE Servers


Client Authentication

Authentication is the act of verifying the identity of the user who is attempting to access a machine--that is, the machine that either the client session or the server session runs on. Authentication is performed so that a machine can use the identity information to make decisions about the user's authority to access protected resources. Under Windows, the user ID, password, and access permissions make up a user context.

Resources on a SAS/CONNECT or a SAS/SHARE server are considered to be protected when both of the following conditions are met:

After the client's identity is authenticated, the client is given the appropriate permissions to access the server's resources.

Under Windows, two methods are available for authenticating a client's identity:


Simulated Logon Method

The simulated logon method is the most commonly used method of authentication and is available in all SAS supported operating environments. In a simulated logon, the client provides a user ID and password that are checked by the server.

You use a simulated logon in the following situations:

For details about user context, see Contexts for User IDs.

Requirements for Using Simulated Logon with SAS/CONNECT or SAS/SHARE

To authenticate user credentials (user ID and password) of SAS/CONNECT or SAS/SHARE clients, the administrator of the computers that the SAS/CONNECT client and server sessions or the SAS/SHARE client and server sessions run on must assign the appropriate rights to users.

Here are the requirements for SAS/CONNECT and SAS/SHARE:

Here are the requirements for SAS/CONNECT only:

Here are the requirements for SAS/SHARE only:


SSPI

Security Support Provider Interface (SSPI) enables transparent authentication for connections between Windows computers. Users that are members of a trusted domain are authenticated automatically, and user context information is transferred to the server.

Windows attempts to use SSPI for authentication whenever a user ID is not explicitly supplied.

SSPI is available only when the client and the server sessions both run on Windows computers, and the user who runs the client computer is a member of a domain that is trusted at the server computer.


SSPI Requirement for SAS/CONNECT

In order to use SSPI for authentication, the SAS/CONNECT server administrator must set the -SECURITY option at spawner invocation.


SSPI Requirement for SAS/SHARE

In order to use SSPI for authentication, the SAS/SHARE server administrator must do the following:

Previous Page | Next Page | Top of Page