InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.18: Securing applications >
6.6.18.0: General security properties >
6.6.18.0.2: Properties for configuring security using local operating system

6.6.18.0.2: Properties for configuring security using local operating system

Key:
Property name in the Java-based administrative console Applies to Java administrative console of Advanced Edition Version 4.0
Property name in the Web-based administrative console Applies to Web administrative console of Advanced Single Server Edition Version 4.0
Property name in the application client resource configuration tool Applies to Application Client Resource Configuration Tool

Authentication Mechanism  Property name in the Java-based administrative console
Select how to authenticate users that try to access applications.
  • Against the local operating system user registry, or
  • Against an LTPA based LDAP registry or custom registry

Note that the local operating system user registry is intended for single machine and single application server environments. Advanced Single Server Edition supports only the local operating system mechanism.

  When form-based login is used with local operating system authentication, the user information is stored in the HTTP session. Using an HTTP connection is not very secure, meaning the information can be obtained by others. Using SSL connections (HTTPS) between the browser and the Web server will improve security.

Security Server ID  Property name in the Java-based administrative console or Server ID  Property name in the Web-based administrative console
The user ID under which the server runs, for security purposes. This ID is not associated with the system process. This ID refers to the application security context within the WebSphere Application Server product.

If using local operating system authentication, the following conditions apply:

  • On UNIX operating systems, the ID must be root or have root authority.
  • On Windows operating systems, the account must be a member of the Administrators group and must have the rights to "Log on as a service" and "Act as part of the operating system." If the Windows machine is a member of an NT domain, then the ID must also be an administrator in the NT domain. Do not use an account whose name matches the name of your machine or Windows Domain.

If using LDAP or custom registry authentication (not available for Advanced Single Server Edition), the following conditions apply:

  • The user should be a valid user in the LDAP or custom registry
  • The user should not be a root DN or administrator DN because those users are not always in the directory in all LDAP implementations.
Security Server Password  Property name in the Java-based administrative console or Server Password  Property name in the Web-based administrative console
The password corresponding to the server ID
Go to previous article: Properties for configuring Secure Socket Layer (SSL) support Go to next article: Configuring SSL

 

 
Go to previous article: Properties for configuring Secure Socket Layer (SSL) support Go to next article: Configuring SSL