SAS/CONNECT 9.2 Driver for Java

Configuration File Options

This page describes all the options you can specify in the tunnel feature's configuration file and provides some general guidelines for specifying the options.

Configuration File Guidelines

When you modify the shrcgi.cfg file, make sure you follow these guidelines:

For each SASHOST, first specify the SASHOST identifier (which can include wildcards), then specify the options that apply to that host. If an option applies to more than one SASHOST, but not all SASHOSTs, you must repeat the option for each host. If you want an option to apply to all SASHOSTs, make it a global option by placing it before the first SASHOST line.
The options SASPORT, RESPONSE_x, CLIENTHOST, and USERNAME have ALLOW and DISALLOW lists. The ALLOW lists and DISALLOW lists have similar functions: they both controls which machines and users are able to connect to the remote SAS sessions. Use one or the other depending on which will require a shorter list.

The DISALLOW list takes precedence over the ALLOW list. When the tunnel feature's server programs receive a request from the applet, they check the DISALLOW list first. If the request matches any value in the DISALLOW list, the request is rejected. The ALLOW list is checked only if the DISALLOW list is not present or if the request did not match any values specified in the DISALLOW list. If an ALLOW list is present, the request must match an option in the ALLOW list; otherwise, the request is rejected.
You can use the asterisk (*) wildcard when specifying values in ALLOW or DISALLOW lists. For example, C*AT matches CAT, CHAT, and CRAVAT.
You can use aliases in the configuration file to mask the actual SAS command that is being used to invoke the remote SAS session. By masking the SAS command, the tunnel feature avoids exposing any specific information about the configuration of your system.
You can specify only one set of options for each host. If you specify a second set of options for a host, the second set is ignored. For example, if you specify options for the host identifier TEST*, and then you specify options for TEST2, the tunnel feature ignores the options that are specified for TEST2. When it receives a request that includes TEST2, the tunnel feature checks the request against the options specified for TEST*.
If a configuration file entry accepts multiple values, delimit the values with commas only.
Leading spaces are ignored.
Line continuation is not supported. You can use lines up to 256 characters.
To enter a comment, enter a pound sign (#) as the first character on each line of the comment. The Message Router ignores lines that begin with the pound sign.

Configuration File Example

The following configuration options apply to two hosts: TESTER and WIZARD.

     SASHOST=TESTER
     ALLOW_USERNAME=XYZ,A*,QRS
     DISALLOW_USERNAME=ABC

     SASHOST=WIZARD
     ALLOW_RESPONSE_3=sas,sas -dms

The USERNAME specifications apply only to the TESTER host, and the SASCOMMAND specification applies only to the WIZARD host. Only users with the IDs XYZ, QRS, and those starting with A, except ABC, can connect to the host machine TESTER. On WIZARD, the only SAS commands allowed are the two commands shown in the ALLOW list (assuming that RESPONSE_3 is defined as the response to the command prompt).

Configuration Option

This section lists the options you can define in the tunnel feature's configuration file.

Options for SAS/SHARE Servers and SAS/CONNECT Servers

The following options apply to both SAS/SHARE and SAS/CONNECT:

SASHOST=hostname

Identifies the host (node) name or remote IP addresses of the machines on which your SAS/SHARE server is running or on which you want to start your SAS/CONNECT session. SASHOST specifies a single entry; it is not a comma delimited list. For each SASHOST, first specify the SASHOST identifier (which can include wildcards), then specify the options that apply to that host. Users cannot connect to hosts that are not included in the configuration file. To remove any restrictions on the hosts, use a wildcard to specify all hosts, SASHOST=*.

Note: The tunnel feature will look for an exact match, so if you specify a node name, but the request that tunnel feature receives uses the IP address for the same node, the tunnel feature will not recognize that the node name and IP address are for the same node.

ALLOW_SASPORT=port1,port2... DISALLOW_SASPORT=port1,port2...

Lists the ports that can/cannot be used to establish a connection. For the SAS/CONNECT, specify the ports on which the Telnet daemon or spawner will receive requests. For SAS/SHARE, list the public ports that SAS/SHARE server is listening to.

LOG=log_file_name

Identifies a log file that can be used for debugging tunneling problems.

Note: Information will be added to this log file every time the tunneling feature is used, potentially creating an extremely large file. Consider periodically deleting the contents of the file, or remove this option setting from the configuration file after your tunneling problems have been resolved.

ALLOW_RESPONSE_x=response1, response2... DISALLOW_RESPONSE_x=response1, response2...

Lists the allowed/disallowed Telnet (or spawner) responses where x is from 1 to 5. (The aliases $USERNAME and $PASSWORD are always allowed, provided you have defined them. See alias below.)

ALLOW_CLIENTHOST=node1,node2... DISALLOW_CLIENTHOST=node1,node2...

Lists the node names or remote IP addresses of the machines that can/cannot connect to a SAS/SHARE server or start a SAS/CONNECT session. The tunnel feature will look for an exact match, so if you specify a node name, but the request that the tunnel feature receives uses the IP address for the same node, the tunnel feature will not recognize that the node name and IP address are for the same node. Also, remember that the apparent requester might be a proxy executing the HTTP request on behalf of another machine.

TIMEOUT=nnn

Specifies the amount of time (in minutes) that the tunnel feature is to wait for activity before closing the connection between the Protocol Interpreter and the SAS/SHARE server or SAS/CONNECT session. The default timeout is 30 minutes. After the timeout expires, the tunnel feature closes the Protocol Interpreter and the session ends.

WAIT=nnn

Specifies the amount of time (in seconds) that the tunnel feature is to wait when connecting to a SAS/SHARE server or SAS/CONNECT session. The default time is 60 seconds.

alias=response-to-substitute

Specifies a response to substitute for the alias. Aliases are case insensitive, and the first character must be a dollar sign ($). For example, if you define the following alias:

   mycommand=sas -dmr

you could then refer to the command using its alias, like so:

   ALLOW_RESPONSE=$mycommand

Options for SAS/SHARE Servers Only

The following option applies to SAS/SHARE only:

HELLO=nnn: Specifies the amount of time (in seconds) that the tunnel feature will wait for SAS/SHARE initialization processing, which occurs immediately after the connection to the SAS/SHARE server is established. The default time is 45 seconds.

Options for SAS/CONNECT Servers Only

The following option applies to SAS/CONNECT only:

ALLOW_USERNAME=user1,user2... DISALLOW_USERNAME=user1,user2...: Lists the user names that can/cannot be used to log in to the remote SAS session.

Top of Page