Use these steps to configure local operating system user registries.
For detailed information about using the local operating system user registry, see Local operating system user registries. These steps set up security based on the local operating system user registry on which WebSphere Application Server is installed.
For security purposes, WebSphere Application Server provides and supports the implementation for Windows operating system registries, AIX, Solaris and multiple versions of Linux operating systems. The respective operating system application programming interfaces (APIs) are called by the product processes (servers) for authenticating a user and other security-related tasks (for example, getting user or group information). Access to these APIs is restricted to users who have special privileges. These privileges depend on the operating system and are described below.
Before configuring the local OS user registry, you need to know the user name (ID) and password to use. This user can be any valid user in the user registry. This user is referred to as either a product security server ID, a server ID, or a server user ID in the documentation. Having a server ID means that a user has special privileges when calling protected internal methods. Normally, this ID and password are used to log into the administrative console after security is turned on. You can use other users to log in if those users are part of the administrative roles. When security is enabled, this server ID and password are authenticated with the user registry during product startup. If authentication fails, the server does not come up. So it is important to choose an ID and password that do not expire or change often. If the product server user ID or password needs to change in the user registry, ensure that the changes are performed when all the product servers are up and running. After the changes are completed in the user registry, use the following steps to change the ID and the password information. Save, stop, and restart all the servers so that the product can use the new ID or password. If any problem arises after starting the product because of authentication problems that cannot be fixed, disable security before the server can start up. To avoid this step, make sure that the changes are validated in the Global Security panel. After the server is up, change the ID and password information and enable security.
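Because the server ID is authenticated against the user registry at every startup, an aged-out or locked account stops the server from coming up. The following Python check is an added example, not part of the product or its documentation: it assumes a Linux host that uses shadow(5) password aging and reads a record in that format; the account names and hash placeholders are constructed.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

def parse_shadow(line):
    """Split one shadow(5) record; empty numeric fields become None."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields")
    num = lambda s: int(s) if s else None
    return {"name": f[0], "hash": f[1], "lastchg": num(f[2]),
            "max": num(f[4]), "expire": num(f[7])}

def server_id_findings(line, today, horizon=90):
    """List reasons this account may fail authentication at server startup,
    now or within `horizon` days. An empty list means none were found."""
    e = parse_shadow(line)
    now = (today - EPOCH).days  # shadow(5) counts days since 1970-01-01
    out = []
    if e["hash"].startswith(("!", "*")):
        out.append("password login is locked or disabled")
    if e["lastchg"] == 0:
        out.append("password change is forced at next login")
    elif e["lastchg"] is not None and e["max"] is not None:
        left = e["lastchg"] + e["max"] - now
        if left < 0:
            out.append(f"password expired {-left} days ago")
        elif left <= horizon:
            out.append(f"password expires in {left} days")
    if e["expire"] is not None and e["expire"] - now <= horizon:
        left = e["expire"] - now
        out.append(f"account expires in {left} days" if left >= 0
                   else f"account expired {-left} days ago")
    return out

# Constructed sample records (hypothetical account names, placeholder hashes).
SAMPLES = [
    "wasadmin:$6$placeholder$hash:19700:0:90:7:::",  # 90-day maximum age
    "wassvc:$6$placeholder$hash:19700::::::",        # no aging configured
    "oldsvc:!$6$placeholder$hash:19000:0:90:7:::",   # locked and aged out
]

if __name__ == "__main__":
    for rec in SAMPLES:
        name = rec.split(":", 1)[0]
        print(name, server_id_findings(rec, date.today()) or "no aging risk found")
```

An empty result for the chosen server ID is what you want to see before enabling security; any finding is a reason to pick a different account or adjust its aging policy first.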
When a local OS user registry is chosen, the started task identity is chosen as the server identity. A user ID and password are not required to configure the server.
When you set up a user registry for WebSphere Application Server, the System Authorization Facility (SAF) works in conjunction with the user registry to authorize applications to run on the server. For more information on the SAF capabilities, see System Authorization Facility user registries.
Complete the following steps to configure additional properties that are associated with the local OS user registry and SAF configuration.
The following steps are needed to perform this task initially when setting up security for the first time.
For any changes in this panel to be effective, you need to save, stop, and start all the product servers, including deployment managers, nodes and application servers. If the server comes up without any problems, the setup is correct.
After completing these steps, you have configured WebSphere Application Server to use the local OS user registry to identify authorized users.
Complete any remaining steps for enabling security. For more information, see Enabling security for all application servers.