(iseries)

Back up security configuration files

Back up the security configuration files to prevent the loss of information due to a potential system failure.

Consider backing up the following security information:

• Back up the user profiles.

  When you use local OS security, back up the user profiles, using the normal save procedures for user profiles. For more information, see the Backup and Recovery Guide by searching for "Saving group and user profiles" in the iSeries information center.

  For information about the Directory Services Product (LDAP server), see the iSeries information center.

  For information about Lotus Domino , see the Lotus Domino reference library.

• Back up the security property files.

  Security settings are saved in several properties files. By default, these properties are located in the profile_root/properties directory. The default stand-alone profile name is default. If we define additional WebSphere Application Server profiles, there are additional properties files located in the directories for those profiles.

  The following command saves all of the properties in the /SAS subdirectory:

  SAV DEV('/QSYS.lib/wsalib.lib/wsasavf.file')
  OBJ(('profile_root/properties/sas*'))

  This previous command is on two lines for illustrative purposes only. Enter it as one continuous line

  We can save security property files while WebSphere Application Server is running.

• Back up the HTTP configuration.

  The following information applies to IBM HTTP Server. If we are using Lotus Domino HTTP Server, see the Notes .net Documentation Library.

  Changes to the HTTP configuration are often made to enable WebSphere Application Server to serve servlets and JSP file requests and to enable WAS security. Consider saving the HTTP configuration as a part of the WAS backup and recovery. The IBM HTTP Server configurations are stored as members of the QATMHTTPC file in the QUSRSYS library. HTTP server instances are members of the QATMHINSTC file in the QUSRSYS library. The following example commands back up these files:

  SAVOBJ OBJ(QUSRSYS/QATMHTTPC)
   SAVOBJ OBJ(QUSRSYS/QATMHINSTC)

• Back up the key files.

  The key files contain certificates used by the security infrastructure for WebSphere Application Server. These certificates are also used for HTTPS transport between servers. Save all of the files in the profile_root/etc directory. Key files are contained in the profile_root/etc directory, but administrators might create and store these files in other directories.

• Back up the validation lists.

  Passwords are stored as encrypted data in validation list objects when you use the OS/400 password encoding algorithm. The default validation list is /QSYS.LIB/QUSRSYS.LIB/EJSADMIN.VLDL, but we can change it in the console by specifying it as a system property for the application server. See the information about administering application servers.

What to do next

For more information on backup and recovery strategies, see the following references:

• iSeries Information Center

• iSeries Backup and Recovery Version 5

• http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/rzamy/50/sec/isecref.htm

Related tasks

Tuning, hardening, and maintaining security configurations

Administer application servers

Security: Resources for learning