
Encryption Technologies: Examples

SSL for a SAS/CONNECT UNIX Spawner: Example


Startup of a UNIX Spawner on a SAS/CONNECT Server

After digital certificates are generated for the CA, the server, and the client, and a CA trust list for the client is created, you can start a UNIX spawner program that runs on a server that SAS/CONNECT clients connect to.

For example:

% sastcpd -service unxspawn -netencryptalgorithm ssl \
    -sslcertloc /users/server/certificates/server.pem \
    -sslpvtkeyloc /users/server/certificates/serverkey.pem \
    -sslpvtkeypass starbuck1 \
    -sslcalistloc /users/server/certificates/sas.pem \
    -sascmd /users/server/command.ksh

The following table explains the SAS commands that are used to start a spawner on a SAS/CONNECT single-user server.

SAS Commands and Arguments for Spawner Start-Up Tasks

SAS Commands and Arguments                                Function
sastcpd                                                   Starts the spawner
-service unxspawn                                         Specifies the spawner service (configured in the services file)
-netencryptalgorithm ssl                                  Specifies the SSL encryption algorithm
-sslcertloc /users/server/certificates/server.pem         Specifies the file path for the location of the server's certificate
-sslpvtkeyloc /users/server/certificates/serverkey.pem    Specifies the file path for the location of the server's private key
-sslpvtkeypass password                                   Specifies the password to access the server's private key
-sslcalistloc /users/server/certificates/sas.pem          Specifies the CA trust list
-sascmd /users/server/command.ksh                         Specifies the name of an executable file that starts a SAS session when you sign on without a script file

Here is an example of an executable file:

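#!/bin/ksh
#----------------------------------
# mystartup
# Run by the spawner (-sascmd) to start a SAS session at sign-on
#----------------------------------

# Load the user's login environment
. ~/.profile
# Pass the spawner's arguments to SAS, keeping each argument intact
sas -dmr -noterminal "$@"
#------------------------------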

For complete information about starting a UNIX spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.


Connection of a SAS/CONNECT Client to a UNIX Spawner

After a UNIX spawner is started on a SAS/CONNECT server, a SAS/CONNECT client can connect to it.

The following example shows how to connect a client to a spawner that is running on a SAS/CONNECT server:

options netencryptalgorithm=ssl;
options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
%let machine=apex.server.com;
signon machine.spawner user=_prompt_;

The following table explains the SAS options that are used to connect to a SAS/CONNECT server.

SAS Options, Statements, and Arguments for Client Access to a SAS/CONNECT Server

SAS Options, Statements, and Arguments    Client Access Tasks
NETENCRYPTALGORITHM=ssl                   Specifies the encryption algorithm
SSLCALISTLOC=cacerts.pem                  Specifies the CA trust list
SIGNON=server-ID.service                  Specifies the server and service to connect to
USER=_PROMPT_                             Prompts for the user ID and password to be used for authenticating the client to the server

The server-ID and the server's Common Name, which was specified in the server's digital certificate, must be identical.
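
The identity requirement above can be checked before clients sign on. The following shell functions are an added example, not SAS code: they read the subject of a PEM certificate with openssl x509 and compare its Common Name with the host name that the client's server-ID resolves to (apex.server.com in the example above). The function names, and the assumption that the comparison is an exact string match against that host name, are this example's own.

```sh
#!/bin/sh
# Added example, not SAS code. Function names are hypothetical.

# cn_from_subject SUBJECT_LINE
# Prints the Common Name found in one line of `openssl x509 -noout -subject`
# output; prints nothing when the subject has no CN. Handles both layouts:
#   subject=/C=US/O=Example/CN=apex.server.com
#   subject=C = US, O = Example, CN = apex.server.com
cn_from_subject() {
    printf '%s\n' "$1" |
        sed -E -n 's#^(.*[/,= ])?CN *= *([^,/]*).*$#\2#p'
}

# cn_matches_server SUBJECT_LINE HOST
# Succeeds only when a CN is present and is identical to HOST (exact,
# case-sensitive comparison; assumed from the page's word "identical").
cn_matches_server() {
    cn=$(cn_from_subject "$1")
    [ -n "$cn" ] && [ "$cn" = "$2" ]
}

# check_server_cert CERT_PEM HOST
# Returns 0 on match, 1 on mismatch, 2 if openssl cannot read the file.
check_server_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject) || return 2
    if cn_matches_server "$subject" "$2"; then
        echo "OK: CN is identical to $2"
    else
        echo "MISMATCH: CN='$(cn_from_subject "$subject")' host='$2'" >&2
        return 1
    fi
}

# Run as: sh check_cn.sh /users/server/certificates/server.pem apex.server.com
if [ "$#" -eq 2 ]; then
    check_server_cert "$1" "$2"
fi
```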

For complete information about connecting to a UNIX spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.
