Use these steps to configure
local operating system registries.
Before you begin
For detailed information about using the local operating
system user registry, see Local operating system registries. These steps set up security
based on the local operating system user registry on which WebSphere
Application Server is installed.
In WebSphere Application Server Version 6.1, you can use an internally-generated
server ID because the Security WebSphere Common Configuration Model
(WCCM) contains a new tag, internalServerId. You do not need
to specify a server user ID and a password during security configuration
except in a mixed-cell environment. See Administrative roles and naming service authorization for more detailed
information about the new internal server ID.
About this task
Perform the following steps when you set up security for the first time.
Procedure
- Click Security > Secure administration,
applications, and infrastructure.
- Under User account repository, select Local
operating system and click Configure.
- Enter a valid user name in the Primary
administrative user name field. This value is the name
of a user with administrative privileges that is defined in the registry.
This user name is used to access the administrative console or used
by wsadmin.
- Click Apply.
- Select either the Automatically generated
server identity or Server identity that is stored in the repository option.
If you select the Server identity that is stored in the repository option,
enter the following information:
  - Server user ID or administrative user on a Version 6.0.x node: Specify the short name of the account that is chosen in the second step.
  - Server user password: Specify the password of the account that is chosen in the second step.
- Enter a valid user profile name in the Primary administrative user name field.

  The Primary administrative user name specifies the user profile
  to use when the server authenticates to the underlying operating system.
  This identity is also the user that has initial authority to access
  the administrative application through the administrative console.
  The administrative user ID is common to all user registries. The administrative
  ID is a member of the chosen registry and it has special privileges
  in WebSphere Application Server. However, it does not have any special
  privileges in the registry that it represents. In other words, you
  can select any valid user ID in the registry to use as the administrative
  user ID or server user ID.

  For the Primary administrative user name field, you can specify any user profile that meets these criteria:
  - The user profile has a status of *ENABLED.
  - The user profile has a valid password.
  - The user profile is not used as a group profile.

  Important: A group profile is assigned a unique group ID number,
  which is not assigned to a regular user profile. Run the DSPUSRPRF (Display
  User Profile) command to determine if the user profile you want to
  use as the Primary administrative user name has a defined group ID
  number. If the Group ID field is set to *NONE, you
  can use the user profile as the Primary administrative user name.
- Click OK.
The administrative console
does not validate the user ID and password when you click OK.
Validation is only done when you click OK or Apply in
the Secure administration, applications, and infrastructure panel.
First, make sure that you select Local operating system as
the available realm definition in the User account repository section,
and click Set as current. If security was already enabled and
you had changed either the user or the password information in this
panel, make sure to go to the Secure administration, applications,
and infrastructure panel and click OK or Apply to validate
your changes. If your changes are not validated, the server might
not start.
Important: Until you authorize other users
to perform administrative functions, you can only access the administrative
console with the server user ID and password that you specified. For
more information, see
Authorizing access to administrative roles.
Results
For any
changes in this panel to be effective, you need to save, stop, and
start all the product servers, including deployment managers, nodes
and application servers. If the server comes up without any problems,
the setup is correct.
After completing these steps, you have configured
WebSphere Application Server to use the local operating system registry
to identify authorized users.
What to do next
Complete any remaining
steps for enabling security. For more information, see Enabling security.