Server and administrative security
The term administrative security refers to the authentication of users of the WebSphere administration functions, the use of SSL, and the choice of user account repository.
These functions are available using other registries, but require identity mapping through modifications to the WAS system login configuration and JAAS login modules.
The realm can be the machine name of a Local OS user registry if all application servers reside on the same physical machine; otherwise, the realm should be the machine name of an LDAP user registry. Because LDAP is a distributed user registry, it allows for a multiple-node configuration in a WAS ND environment. The basic requirement for a security domain is that the access ID returned by the registry from one server within the security domain is the same access ID returned from the registry on any other server within the same security domain. The access ID is the unique identification of a user and is used during authorization to determine whether access to the resource is permitted.
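The security-domain requirement above can be checked by comparing the access ID each server returns for the same user. The following is an added example, not IBM code: the `type:realm/uniqueId` access ID layout, the server names, and the sample values are assumptions constructed for illustration.

```python
# Added example: hypothetical helper names, constructed sample data.
from collections import defaultdict

def parse_access_id(access_id):
    """Split 'type:realm/uniqueId' (assumed layout) into its three parts."""
    kind, sep, rest = access_id.partition(":")
    # The realm may itself contain ':' (host:port), so split on the first '/'.
    realm, slash, unique_id = rest.partition("/")
    if not (sep and slash and kind and realm and unique_id):
        raise ValueError("malformed access ID: %r" % access_id)
    return kind, realm, unique_id

def check_security_domain(lookups):
    """lookups: {server: {user: access_id}}. Returns {user: [problem, ...]}."""
    problems = defaultdict(list)
    users = set()
    for ids in lookups.values():
        users.update(ids)
    for user in sorted(users):
        seen = {}
        for server in sorted(lookups):
            access_id = lookups[server].get(user)
            if access_id is None:
                problems[user].append("%s: user not found" % server)
            else:
                seen[server] = parse_access_id(access_id)
        realms = {p[1] for p in seen.values()}
        unique_ids = {p[2] for p in seen.values()}
        if len(realms) > 1:
            problems[user].append("realm differs: " + ", ".join(sorted(realms)))
        if len(unique_ids) > 1:
            problems[user].append("unique ID differs: " + ", ".join(sorted(unique_ids)))
    return dict(problems)

# Constructed sample: Local OS registries on two machines vs. one shared LDAP registry.
LOCAL_OS = {
    "server1@hostA": {"wasadmin": "user:hostA/1001"},
    "server2@hostB": {"wasadmin": "user:hostB/1004"},
}
SHARED_LDAP = {
    "server1@hostA": {"wasadmin": "user:ldap.example.com:389/uid=wasadmin,o=example"},
    "server2@hostB": {"wasadmin": "user:ldap.example.com:389/uid=wasadmin,o=example"},
}

if __name__ == "__main__":
    print(check_security_domain(LOCAL_OS))     # mismatches: not one security domain
    print(check_security_domain(SHARED_LDAP))  # {}: access IDs agree on every server
```

An empty result means every server returned the same access ID for each user; any entry identifies a user whose authorization decisions could differ between servers.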
Admin security in a domain consists of configuring:
- Common user registry
- Authentication mechanism
- Java 2 Security Manager
- Java Authentication and Authorization Service (JAAS)
- Java 2 Connector authentication data entries
- CSIv2 authentication protocol (RMI/IIOP) security
We can disable security on individual application servers while administrative security is enabled; however, we cannot enable security on an individual application server while administrative security is disabled.
If cell security is enabled, but security for individual servers is disabled, Java applications are not authenticated or authorized. However, naming and administrative security are still enforced. Consequently, because naming services can be called from user applications, grant Everyone access to the naming functions required so that these functions accept unauthenticated requests. User code does not directly access administrative security except through the supported scripting tools.