Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Scripting for security > Configure security with scripting

Enable and disable security using scripting

We can use scripting to enable or disable application security, global security, administrative security based on the LocalOS registry, and authentication mechanisms. See the Starting the wsadmin scripting client article for more information.

The default profile sets up procedures so that you can enable and disable administrative security based on LocalOS registry.

Procedure

• Use the isAppEnabled command to determine if application security is enabled or disabled:

  ### Jacl

  $AdminTask isAppSecurityEnabled {}
  

  ### Jython

  AdminTask.isAppSecurityEnabled()
  

  This command returns a value of true if appEnabled is set to true. Otherwise, returns a value of false.

• Use the isGlobalSecurityEnabled command to determine if administrative security is enabled or disabled, as the following example demonstrates:

  ### Jacl

  $AdminTask isGlobalSecurityEnabled{}
  

  ### Jython

  AdminTask.isGlobalSecurityEnabled()
  

  Returns a value of true if enabled is set to true. Otherwise, returns a value of false.

• Use the setGlobalSecurity command to set administrative security based on the passed in value:

  ### Jacl

  $AdminTask setGlobalSecurity {-enabled true}
  

  ### Jython

  AdminTask.setGlobalSecurity ('[-enabled true]')
  

  Returns a value of true if the enabled field in the WCCM security model is successfully updated. Otherwise, returns a value of false.

• Use the help command to find out the arguments that you need to provide with this call:

  ### Jacl

  securityon help
  

  Example output:

  Syntax: securityon user password
  

  ### Jython

  securityon()
  

  Example output:

  Syntax: securityon(user, password)
  

• Enable administrative security based on the LocalOS registry, as the following example demonstrates:

  ### Jacl

  securityon user1 password1
  

  ### Jython

  securityon('user1', 'password1')
  

• Disable administrative security based on the LocalOS registry, as the following example demonstrates:

  ### Jacl

  securityoff
  

  ### Jython

  securityoff()
  

• Enable and disable LTPA and Kerberos authentication.

  Use the setActiveAuthMechanism command to set Kerberos as the authentication mechanism in the security configuration, as the following example demonstrates:

  AdminTask.setActiveAuthMechanism('-authMechanismType KRB5')
  

  Use the setActiveAuthMechanism command to set LTPA as the authentication mechanism in the security configuration, as the following example demonstrates:

  AdminTask.setActiveAuthMechanism('-authMechanismType LTPA')
  

  Additionally, there are sample scripts located in the <WAS_ROOT>/bin directory on how to enable and disable LTPA authentication. The scripts are:

  • LTPA_LDAPSecurityProcs.py (python script)

  • LTPA_LDAPSecurityProcs.jacl (jacl script)

  The scripts hard code the type of LDAP server and base distinguished name (baseDN). The LDAP server type is hardcoded as IBM_DIRECTORY_SERVER and the baseDN is hardcoded as o=ibm,cn=us.

Configure security with scripting
Enable security for the realm
Start the wsadmin scripting client using wsadmin.sh

Related

Kerberos authentication commands
Get started with wsadmin scripting

+

Search Tips   |   Advanced Search