Encryption Technologies: Examples |
Startup of a UNIX Spawner on a SAS/CONNECT Server |
After digital certificates are generated for the CA, the server, and the client, and a CA trust list for the client is created, you can start a UNIX spawner program that runs on a server that SAS/CONNECT clients connect to.
% sastcpd -service unxspawn -netencryptalgorithm ssl -sslcertloc /users/server/certificates/server.pem -sslpvtkeyloc /users/server/certificates/serverkey.pem -sslpvtkeypass starbuck1 -sslcalistloc /users/server/certificates/sas.pem -sascmd /users/server/command.ksh
The following table explains the SAS commands that are used to start a spawner on a SAS/CONNECT single-user server.
SAS Commands and Arguments | Function |
---|---|
sastcpd | Starts the spawner |
-service unxspawn | Specifies the spawner service (configured in the services file) |
-netencryptalgorithm ssl | Specifies the SSL encryption algorithm |
-sslcertloc /users/server/certificates/server.pem | Specifies the file path for the location of the server's certificate |
-sslpvtkeyloc /users/server/certificates/serverkey.pem | Specifies the file path for the location of the server's private key |
-sslpvtkeypass password | Specifies the password to access the server's private key |
-sslcalistloc /users/server/certificates/sas.pem | Specifies the CA trust list |
-sascmd /users/server/command.ksh | Specifies the name of an executable file that starts a SAS session when you sign on without a script file |
Here is an example of an executable file:
#!/bin/ksh #---------------------------------- # mystartup #---------------------------------- . ~/.profile sas -dmr -noterminal $* #------------------------------
For complete information about starting a UNIX spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.
Connection of a SAS/CONNECT Client to a UNIX Spawner |
After a UNIX spawner is started on a SAS/CONNECT server, a SAS/CONNECT client can connect to it.
The following example shows how to connect a client to a spawner that is running on a SAS/CONNECT server:
options netencryptalgorithm=ssl; options sslcalistloc="/users/johndoe/certificates/cacerts.pem"; %let machine=apex.server.com; signon machine.spawner user=_prompt_;
The following table explains the SAS options that are used to connect to a SAS/CONNECT server.
SAS Options, Statements, and Arguments | Client Access Tasks |
---|---|
NETENCRYPTALGORITHM=ssl | Specifies the encryption algorithm |
SSLCALISTLOC=cacerts.pem | Specifies the CA trust list |
SIGNON=server-ID.service | Specifies the server and service to connect to |
USER=_PROMPT_ | Prompts for the user ID and password to be used for authenticating the client to the server |
The server-ID and the server's Common Name, which was specified in the server's digital certificate, must be identical.
For complete information about connecting to a UNIX spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.