Configuring DIGEST-MD5 authentication on the Directory Server

 

Use this information to configure DIGEST-MD5 authentication on the Directory Server. DIGEST-MD5 is an SASL authentication mechanism. When a client uses DIGEST-MD5, the password is not transmitted in clear text and the protocol prevents replay attacks. The Web administration tool is used to configure DIGEST-MD5.

  1. Under Server administration, expand the Manage security properties category in the navigation area and select the DIGEST-MD5 tab.

    To change server configuration settings using the tasks in the Server administration category of the Web Administration tool, authenticate to the server as an i5/OS® user profile that has *ALLOBJ and IOSYSCFG special authorities. This can be done by authenticating as a projected user with the password for that profile. To bind as a projected user from the Web administration tool, enter a username of the form os400-profile=MYUSERNAME,cn=accounts,os400-sys=MYSYSTEM.COM, where MYUSERNAME and the MYSYSTEM.COM strings are replaced with your user profile name and the configured system projection suffix, respectively.

  2. Under Server realm, use the preselected Default setting, which is the fully qualified host name of the server, or you can click Realm and type the name of the realm that you want to configure the server as. This realm name is used by the client to determine which user name and password to use. When using replication, you want to have all the servers configured with the same realm.

  3. Under Username attribute, use the preselected Default setting, which is uid, or you can click Attribute and type the name of the attribute that you want the server to use to uniquely identify the user entry during DIGEST-MD5 SASL binds.

  4. If you are logged in as the directory administrator, under Administrator username, type the administrator username. This field cannot be edited by members of the administrative group. If the username specified on a DIGEST-MD5 SASL bind matches this string, the user is the administrator.

    The administrator username is case-sensitive.

  5. When you are finished, click OK.

 

Parent topic:

Security property tasks

 

Related reference


Authentication