Setting up Kerberos as the authentication mechanism for WAS
We must perform the steps in this article to set up Kerberos as the authentication mechanism for WAS. The Kerberos authentication mechanism on the server side must be set up by the system administrator and on the Java client side by end users. The Kerberos keytab file must be protected.
We must first ensure that the KDC is configured. See your Kerberos Administrator and User's guide for more information.
Avoid trouble: When configuring the envar file for a z/OS KDC, order the encryption types from most secure to least secure for the SKDC_TKT_ENCTYPES environment variable. The z/OS KDC prefers to use the encryption types that are first in the list, from left to right.
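The ordering rule in the note above can be checked before the KDC is restarted. The following is an added example, not IBM's code: it assumes the value is a comma-separated list of standard Kerberos encryption type names, and the strength ranking and function names are this example's own.

```python
import re

VAR = "SKDC_TKT_ENCTYPES"
# Assumed ranking, strongest first, of standard Kerberos enctype names.
# Trim or extend it to match what your KDC release supports.
STRENGTH = [
    "aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96", "des3-cbc-sha1",
    "des-hmac-sha1", "des-cbc-md5", "des-cbc-md4", "des-cbc-crc",
]
RANK = {name: i for i, name in enumerate(STRENGTH)}

def parse_enctypes(envar_text):
    """Return the enctype list from the first SKDC_TKT_ENCTYPES line, or None."""
    for line in envar_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == VAR:
            return [t.lower() for t in re.split(r"[,\s]+", value.strip()) if t]
    return None

def check_order(enctypes):
    """Return findings; an empty list means the order is strongest-first."""
    findings = [f"unknown enctype: {e}" for e in enctypes if e not in RANK]
    known = [e for e in enctypes if e in RANK]
    for prev, cur in zip(known, known[1:]):
        if RANK[cur] < RANK[prev]:
            findings.append(f"{cur} is stronger than {prev} but listed after it")
    return findings

def suggest_order(enctypes):
    """Return the known enctypes, de-duplicated and sorted strongest-first."""
    return sorted(set(e for e in enctypes if e in RANK), key=RANK.get)

# Constructed sample envar content (not taken from a real system).
SAMPLE = """\
# constructed example
SKDC_TKT_ENCTYPES=des-cbc-crc,des3-cbc-sha1,aes256-cts-hmac-sha1-96
"""

if __name__ == "__main__":
    listed = parse_enctypes(SAMPLE)
    for finding in check_order(listed):
        print("WARN:", finding)
    print(f"{VAR}=" + ",".join(suggest_order(listed)))
```

Because the KDC prefers the leftmost types, a list that starts with a DES type, as in the constructed sample, would make the weakest cipher the preferred one.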
We must perform the following steps in order to set up Kerberos as the authentication mechanism for WAS.
Procedure
- Create a Kerberos service principal name and keytab file
- Create a Kerberos configuration file
- Configure Kerberos as the authentication mechanism for WebSphere Application Server
- Map a client Kerberos principal name to the WebSphere user registry ID
- Set up Kerberos as the authentication mechanism for the pure Java client (optional)