Set local operating system registries


Use these steps to configure local operating system registries.

For detailed information about using the local operating system user registry, see Local operating system registries. These steps set up security based on the local operating system user registry on which WAS is installed.

For security purposes, the WAS provides and supports the implementation for Windows operating system registries, AIX, Solaris and multiple versions of Linux operating systems. The respective operating system API are called by the product processes (servers) for authenticating a user and other security-related tasks (for example, getting user or group information). Access to these APIs are restricted to users who have special privileges. These privileges depend on the operating system and are described below.

In WAS V 6.1, we can use an internally-generated server ID because the Security WebSphere Common Configuration Model (WCCM) model contains a new tag, internalServerId. You do not need to specify a server user ID and a password during security configuration except in a mixed-cell environment. See Administrative roles and naming service authorization for more detailed information about the new internal server ID.

(Windows) Consider the following issues:

Consider the following points:

The following steps are needed to perform this task initially when setting up security for the first time.

 

  1. Click...

      Security | Global security

  2. Under User account repository, select Local operating system and click Configure.

  3. Enter a valid user name in the Primary administrativeistrative user name field. This value is the name of a user with admin privileges that is defined in the registry. This user name is used to access the admin console or used by wsadmin.

  4. Click Apply.

  5. Select either the Automatically generated server identity or Server identity that is stored in the repository option.

    If we select the Server identity that is stored in the repository option, enter the following information:

    Server user ID or admin user on a V6.0.x node

    Specify the short name of the account that is chosen in the second step.

    Server user password

    Specify the password of the account that is chosen in the second step.

  6. Click OK.

    The admin console does not validate the user ID and password when you click OK. Validation is only done when you click OK or Apply in the Global security panel. First, make sure that you select Local operating system as the available realm definition in the User account repository section, and click Set as current. If security was already enabled and you had changed either the user or the password information in this panel, make sure to go to the Global security panel and click OK or Apply to validate your changes. If the changes are not validated, the server might not start.

    Until you authorize other users to perform administrative functions, we can only access the admin console with the server user ID and password specified.

    See Authorizing access to admin roles.

 

Results

For any changes in this panel to be effective, we need to save, stop, and start all WAS ND servers, including dmgrs, nodes and appservers. If the server comes up without any problems, the setup is correct.

After completed these steps, we have configured WAS to use the local operating system registry to identify authorized users.

 

Next steps

Complete any remaining steps for enabling security.

See Enable security.


Set user ID for proper privileges
Local operating system settings
Local operating system wizard settings

 

Related concepts


Standalone LDAP registries

 

Related tasks


Enable security
Authorizing access to admin roles
Select a registry or repository