Key file information

The LTPA token is encrypted by a password-protected secret key. The key itself is generated by WebSphere and is contained in a key file. This key file is password-protected by a clear text key.

The name of the key file that WebSEAL uses is defined by the keyfile configuration entry in the [ltpa] stanza. The permissions on the file must give read access to the user who is running the WebSEAL binary file.

The keyfile-password configuration entry in the [ltpa] stanza defines the password used to protect the key file. If the password is sensitive, it can alternatively be stored in the corresponding configuration entry in the WebSEAL obfuscated database.

We can use the Local Management Interface (LMI) to manage this password.
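
The following Python check of the [ltpa] entries described above is an added example, not part of the product or its documentation. It assumes a configuration file with `[stanza]` headers and `name = value` entries whose path the caller supplies, treats a non-empty keyfile-password value as clear text, and adds a group/other permission check that the page does not itself require. Run it as the user who runs WebSEAL so the read-access result is meaningful.

```python
import os
import stat

def read_stanza(conf_path, stanza):
    """Return {entry: value} for one [stanza] of the configuration file."""
    entries, current = {}, None
    with open(conf_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("[") and line.endswith("]"):
                current = line[1:-1].strip()
            elif current == stanza and "=" in line:
                name, value = line.split("=", 1)
                entries[name.strip()] = value.strip()
    return entries

def audit_ltpa(conf_path):
    """Return a list of findings for the [ltpa] key file settings."""
    ltpa = read_stanza(conf_path, "ltpa")
    keyfile = ltpa.get("keyfile", "")
    if not keyfile:
        return ["keyfile entry is missing or empty"]
    findings = []
    if not os.path.isfile(keyfile):
        findings.append("key file does not exist: " + keyfile)
    else:
        # Requirement from the page: the WebSEAL user must be able to read it.
        if not os.access(keyfile, os.R_OK):
            findings.append("key file is not readable by the current user")
        # Added hardening check (assumption): no access for group or other.
        mode = stat.S_IMODE(os.stat(keyfile).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("key file is accessible to group/other (mode %o)" % mode)
    # Assumption: a non-empty value here is the clear text password.
    if ltpa.get("keyfile-password"):
        findings.append("keyfile-password is stored in clear text in the configuration file")
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit_ltpa(sys.argv[1]):
        print("FINDING:", finding)
```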
