Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Scripting for security
Configure security with scripting
Overview
If you enable security for an application server cell, supply authentication information to communicate with servers. Configure using...- sas.client.props
- soap.client.props
...located in...
-
$PROFILE_ROOT/properties
Procedure
- The nature of the properties file updates required for running in secure mode depend on whether you connect with a Remote Method Invocation (RMI) connector, a JSR160RMI connector, an Inter-Process
Communications (IPC) or a SOAP connector:
- If you use a RMI connector or a JSR160RMI
connector, set the following properties in the sas.client.props file with the appropriate values:
com.ibm.CORBA.loginUserid= com.ibm.CORBA.loginPassword=
Also, set the following property:com.ibm.CORBA.loginSource=properties
The default value for this property is prompt in the sas.client.props file. If you leave the default value, then a dialog box is displayed with a password prompt. If the script is running unattended, then the system stops. - If you use a SOAP connector, set the following properties in the soap.client.props file with the appropriate values:
com.ibm.SOAP.securityEnabled=true com.ibm.SOAP.loginUserid= com.ibm.SOAP.loginPassword=
Optionally, set the following property:
com.ibm.SOAP.loginSource=none
The default value for this property is prompt in the soap.client.props file. If you leave the default value, a dialog box is displayed with a password prompt. If the script is running unattended, then the system stops. - If you use an IPC connector, set the following properties in the ipc.client.props file with the appropriate values:
com.ibm.IPC.loginUserid= com.ibm.IPC.loginPassword=
Optionally, set the following property:
com.ibm.IPC.loginSource=prompt
The default value for this property is prompt in the soap.client.props file. If you leave the default value, a dialog box appears with a password prompt. If the script is running unattended, it appears to hang.
- If you use a RMI connector or a JSR160RMI
connector, set the following properties in the sas.client.props file with the appropriate values:
- Specify user and password information. Choose one of the following methods:
- Specify user name and password on a command line, using the -user and -password commands, as the following examples demonstrate:
wsadmin -conntype JSR160RMI -port 2809 -user u1 -password secret1
- Specify user name and password in the sas.client.props file for an RMI connector, the ipc.client.props file for the IPC
connector, or the soap.client.props file for a SOAP connector.
If you specify user and password information on a command line and in the sas.client.props file or the soap.client.props file, the command line information overrides the information in the props file.
(AIX)
(Solaris) The use of -password option may
result in security exposure as the password information becomes visible
to the system status program such as ps command which can be invoked
by other user to display all the running processes. Do not use this option if security exposure is a concern. Instead, specify user and password information in the soap.client.props file for the SOAP connector, the sas.client.props file for the JSR160RMI connector or the Remote Method Invocation (RMI) connector, or the ipc.client.props file for the IPC connector. The soap.client.props, sas.client.props, and ipc.client.props
files are located in the properties directory of your profile.
- Specify user name and password on a command line, using the -user and -password commands, as the following examples demonstrate:
Related
Enable and disable security using scripting
Enable and disable Java 2 security using scripting
Configure multiple security domains using scripting
Configure the JACC provider for Tivoli Access Manager using the wsadmin utility
Secure communications using wsadmin
Enable authentication in the file transfer service using scripting
Propagate security policy of installed applications to a JACC provider using wsadmin.sh
Configure custom adapters for federated repositories using wsadmin
Disable embedded Tivoli Access Manager client using wsadmin
Configure security auditing using scripting
SSLMigrationCommands command group
IdMgrConfig command group
IdMgrRepositoryConfig command group
IdMgrRealmConfig command group
IdMgrDataModel command group
IdMgrDBSetup command group
WIMManagementCommands command group
DescriptivePropCommands command group
ManagementScopeCommands command group
AuthorizationGroupCommands command group
ChannelFrameworkManagement command group
SpnegoTAICommands group (deprecated)
The Kerberos configuration file
SPNEGO web authentication configuration commands
SPNEGO web authentication filter commands
Kerberos authentication commands
LTPA_LDAPSecurityOn and LTPA_LDAPSecurityOff command usage
JaspiManagement command group
Use wsadmin scripting
Get started with wsadmin scripting
Start the wsadmin scripting client using wsadmin.sh
Related