6.6.18.0.2: Properties for configuring security using local operating system
Key:
Applies to Java administrative console of Advanced Edition Version 4.0
Applies to Web administrative console of Advanced Single Server Edition Version 4.0
Applies to Application Client Resource Configuration Tool
Authentication Mechanism
- Select how to authenticate users that try to access applications:
  - Against the local operating system user registry, or
  - Against an LTPA-based LDAP registry or custom registry
Note that the local operating system user registry is intended for single machine
and single application server environments. Advanced Single Server Edition supports
only the local operating system mechanism.
When form-based login is used with local operating system authentication, the user
information is stored in the HTTP session. Using an HTTP connection is not very secure,
so the information can be obtained by others. Using SSL connections (HTTPS) between
the browser and the Web server will improve security.
When security is enabled for the first time with the LTPA authentication mechanism
selected, you will be prompted to enter a password for encrypting and decrypting LTPA
keys. Make sure you remember the password! For more information about LTPA keys, refer
to the article about making LTPA-secured calls across WebSphere domains.
Security Server ID or Server ID
- The user ID under which the server runs, for security purposes.
This ID is not associated with the system process. This ID refers to the application security
context within the WebSphere Application Server product.
If using local operating system authentication, the following conditions apply:
- On UNIX operating systems, the ID must be root or have root authority.
- On Windows operating systems, the account must be a member of the Administrators group and
must have the rights to "Log on as a service" and "Act as part of the operating system." If the
Windows machine is a member of an NT domain, then the ID must also be an administrator in
the NT domain. Do not use an account whose name matches the name of your machine or
Windows Domain.
If using LDAP or custom registry authentication (not available for Advanced Single
Server Edition), the following conditions apply:
- The user should be a valid user in the LDAP or custom registry.
- The user should not be a root DN or administrator DN, because those
users are not always in the directory in all LDAP implementations.
Security Server Password or Server Password
- The password corresponding to the server ID.
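The Windows conditions listed above for a local operating system server ID can be checked before security is enabled. The following is an added example, not IBM code: it parses the `[Privilege Rights]` section of a user-rights export (as produced by `secedit /export /areas USER_RIGHTS`) and reports which conditions a candidate account fails. The function names, account names, SIDs and host names are constructed for illustration, and the NT domain administrator condition is not checked.

```python
# Added example: checks a candidate Windows server ID against the page's conditions.
# All account names, SIDs and host names below are constructed sample values.

REQUIRED_RIGHTS = {
    "SeServiceLogonRight": "Log on as a service",
    "SeTcbPrivilege": "Act as part of the operating system",
}

def parse_privilege_rights(inf_text):
    """Return {right: set of lower-cased holders} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, holders = line.partition("=")
            # Holders are comma-separated; SIDs carry a leading '*'.
            rights[name.strip()] = {
                h.strip().lstrip("*").lower() for h in holders.split(",") if h.strip()
            }
    return rights

def check_server_id(account, sid, admins, inf_text, machine, domain=None):
    """Return the list of conditions that the account fails (empty if none)."""
    problems = []
    identities = {account.lower(), sid.lower()}
    if account.lower() not in {a.lower() for a in admins}:
        problems.append("not a member of the Administrators group")
    rights = parse_privilege_rights(inf_text)
    for right, label in REQUIRED_RIGHTS.items():
        if not identities & rights.get(right, set()):
            problems.append(f'missing right "{label}"')
    reserved = {machine.lower()} | ({domain.lower()} if domain else set())
    if account.lower() in reserved:
        problems.append("account name matches the machine or domain name")
    return problems

# Constructed sample export; a real one contains many more rights.
SAMPLE_EXPORT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-21-1111-2222-3333-1005,svc_backup
SeTcbPrivilege = *S-1-5-21-1111-2222-3333-1005
[Version]
signature="$CHICAGO$"
"""
```

The check only sees rights assigned to the account directly, by name or SID; a right held through group membership would need the group's SID added to the lookup.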