SSL for a SAS/CONNECT UNIX Spawner: Example

Start-up of a UNIX Spawner on a SAS/CONNECT Server

After digital certificates are generated for the CA, the server, and the client, and a CA trust list for the client is created, you can start a UNIX spawner program that runs on a server that SAS/CONNECT clients connect to.
The following example code starts the spawner using SSL encryption and specifies the password for the private key, which must be provided either through prompting or within a file:

    % sastcpd -service unxspawn -netencryptalgorithm ssl \
        -sslcertloc /users/server/certificates/server.pem \
        -sslpvtkeyloc /users/server/certificates/serverkey.pem \
        -sslpvtkeypass starbuck1 \
        -sslcalistloc /users/server/certificates/sas.pem \
        -sascmd /users/server/command.ksh

Because the password appears here as a command-line argument, it is visible in the process list and shell history on the server.
The following table explains the SAS commands that are used to start a spawner on a SAS/CONNECT single-user server.
SAS Commands and Arguments for Spawner Start-Up Tasks

| SAS Commands and Arguments | Function |
|---|---|
| SASTCPD | Starts the spawner |
| -SERVICE unxspawn | Specifies the spawner service (configured in the services file) |
| -NETENCRYPTALGORITHM SSL | Specifies the SSL encryption algorithm |
| -SSLCERTLOC /users/server/certificates/server.pem | Specifies the file path for the location of the server's certificate |
| -SSLPVTKEYLOC /users/server/certificates/serverkey.pem | Specifies the file path for the location of the server's private key |
| -SSLPVTKEYPASS password | Specifies the password to access the server's private key |
| -SSLCALISTLOC /users/server/certificates/sas.pem | Specifies the CA trust list |
| -SASCMD /users/server/command.ksh | Specifies the name of an executable file that starts a SAS session when you sign on without a script file |

In order for the UNIX spawner to locate the appropriate server digital certificate, you must specify either the -SSLCERTLOC and -SSLPVTKEYLOC system options or the -SSLPKCS12LOC and -SSLPKCS12PASS system options in the script that is specified by the -SASCMD option.
For complete information about starting a Windows spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.
Here is an example of an executable file:
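
    #!/bin/ksh
    #----------------------------------
    # mystartup
    #----------------------------------

    # Load the user's environment before starting SAS.
    . ~/.profile
    # Start SAS with the server certificate and private key;
    # "$@" passes the spawner's arguments through unchanged.
    sas -noterminal -sslcertloc /users/server/certificates/server.pem \
        -sslpvtkeyloc /users/server/certificates/serverkey.pem "$@"
    #------------------------------
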
For complete information about starting a UNIX spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.

Connection of a SAS/CONNECT Client to a UNIX Spawner

After a UNIX spawner is started on a SAS/CONNECT server, a SAS/CONNECT client can connect to it.
The following example shows how to connect a client to a spawner that is running on a SAS/CONNECT server:

    options netencryptalgorithm=ssl;
    options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
    %let machine=apex.server.com;
    signon machine.spawner user=_prompt_;

The following table explains the SAS options that are used to connect to a SAS/CONNECT server.
SAS Options, Statements, and Arguments for Client Access to a SAS/CONNECT Server

| SAS Options, Statements, and Arguments | Client Access Tasks |
|---|---|
| NETENCRYPTALGORITHM=SSL | Specifies the encryption algorithm |
| SSLCALISTLOC=cacerts.pem | Specifies the CA trust list |
| SIGNON=server-ID.service | Specifies the server and service to connect to |
| USER=_PROMPT_ | Prompts for the user ID and password to be used for authenticating the client to the server |

The server-ID and the server's Common Name, which was specified in the server's digital certificate, must be identical.
For complete information about connecting to a UNIX spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.
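
A pre-flight check for the certificate, private key, CA trust list, and Common Name requirement described on this page, as an added example that is not SAS code. It uses the openssl command-line tool; the function names, the optional pass-phrase-source argument, and reading the server-ID as the host name the client signs on to are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the spawner's TLS files.
# All paths and the server-ID are supplied by the caller.

# Common Name from a certificate's subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# usage: preflight CERT KEY CALIST SERVER_ID [PASS_SOURCE]
# PASS_SOURCE is an openssl pass phrase source such as file:/path or env:VAR.
# If omitted, openssl asks for the password of an encrypted key.
preflight() {
    cert=$1 key=$2 ca=$3 id=$4 pass=${5:-}
    rc=0

    # 1. Private key must not be accessible to group or other.
    if [ "$(ls -lLd "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; rc=1
    fi

    # 2. Certificate and private key must share one public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" ${pass:+-passin "$pass"} -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match"; rc=1
    fi

    # 3. Certificate must chain to the CA trust list given to clients.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate does not verify against $ca"; rc=1
    fi

    # 4. Common Name must be identical to the server-ID used at sign-on.
    cn=$(cert_cn "$cert" 2>/dev/null)
    if [ "$cn" != "$id" ]; then
        echo "FAIL: Common Name '$cn' differs from server-ID '$id'"; rc=1
    fi
    return $rc
}

if [ $# -ge 4 ]; then preflight "$@"; fi
```

Run it on the server before starting the spawner, passing the same files given to -SSLCERTLOC, -SSLPVTKEYLOC and -SSLCALISTLOC; a non-zero exit status means at least one check failed.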