Save and restore: security

The following items should be considered for backup of security information:

Users

When using local OS security, back up your OS/400 user profiles, using normal OS/400 save procedures for user profiles. For more information, see the Backup and Recovery Guide by selecting the Backup, Recovery, and Availability link in the iSeries Information Center.

For information on the Directory Services Product (LDAP server), see the iSeries Information Center.

For information on Domino, see the Domino Reference Library (http://doc.notes.net/domino_notes/5.0/as400/as400hlp.nsf).

Security properties files

Security settings are saved in several properties files. By default, these are located in /QIBM/Userdata/WebAS5/Base/instanceName/properties where instanceName is the name of your instance. The default instance name is default. If you have defined additional WebSphere instances, you will have additional properties files located in the directories for those instances.

The following example saves the sas* properties files of an instance to a save file:

SAV DEV('/QSYS.lib/wsalib.lib/wsasavf.file')
OBJ(('instance/properties/sas*'))

Note: This command has been wrapped for display purposes. Enter it as one command.

Security properties files can be saved while WebSphere is running.

HTTP configuration

Note: The following information applies to IBM HTTP Server for iSeries. If you are using Lotus Domino HTTP Server, see the Notes.net Documentation Library (http://www.notes.net/notesua.nsf?OpenDatabase).

Changes to the HTTP configuration are often made to enable WebSphere Application Server to serve servlets and JSP requests, and to enable WebSphere Application Server security. You should consider saving your HTTP configuration as a part of your WebSphere Application Server backup and recovery. The IBM HTTP Server configurations are stored as members of the QATMHTTPC file in library QUSRSYS. HTTP server instances are members of the QATMHINSTC file in the library QUSRSYS. An example save command for these files is:

SAVOBJ OBJ(QATMHTTPC QATMHINSTC) LIB(QUSRSYS) DEV(*SAVF) OBJTYPE(*FILE) SAVF(WSALIB/WSASAVF)

Key files

Key files should also be saved. They contain certificates used by the WebSphere Application Server security infrastructure and also for HTTPS transport between servers. By default, key files are contained in the WAS_INSTANCE_ROOT/etc directory; save all files in that directory. Administrators may also create and store key files in other directories, so include those directories in the backup as well.

Validation lists

Passwords are stored as encrypted data in validation list objects when the OS/400 password encoding algorithm is used. The default validation list is /QSYS.LIB/QUSRSYS.LIB/EJSADMIN.VLDL, but you can change it in the administrative console by specifying it as a system property for the application server. For more information, see Configure application servers.

Save and restore validation list objects using the Save Object (SAVOBJ) and Restore Object (RSTOBJ) commands, for example:

  SAVOBJ OBJ(EJSADMIN) LIB(QUSRSYS) DEV(*SAVF) SAVF(WSALIB/WSASAVF)
  RSTOBJ OBJ(EJSADMIN) SAVLIB(QUSRSYS) DEV(*SAVF) OBJTYPE(*VLDL) SAVF(WSALIB/WSASAVF)