IBM Security Verify Access for Web WebSEAL use-domain-qualified-name stanza entry

use-domain-qualified-name

Use the use-domain-qualified-name stanza entry to control whether Security Verify Access includes the domain from the Kerberos user principal name as part of the ISAM user ID.
use-domain-qualified-name = {yes|no}

Description
Kerberos authentication provides a principal name of the form shortname@domain.com. By default, ISAM uses only the short name as the ISAM user ID. If this parameter is set to yes, then Security Verify Access includes the domain as part of the ISAM user ID. The use-domain-qualified-name stanza entry has no effect if multiple-domain Active Directory is used as the ISAM user registry. In this case, the domain name is always included as part of the ISAM user name.
Options

yes
Security Verify Access includes the domain portion of the principal name as part of the ISAM user ID. For example, say that Kerberos authentication provides a principal name of user@example.com. If use-domain-qualified-name is no, then the ISAM user ID is user. If use-domain-qualified-name is yes, then the ISAM name is user@example.com.
no
ISAM uses only the short name as the Verify Access user ID, and does not include the domain portion of the principal name.

Usage: Required.
Default value no
Example:
use-domain-qualified-name = yes

Parent topic: [spnego] stanza

yes	Security Verify Access includes the domain portion of the principal name as part of the ISAM user ID. For example, say that Kerberos authentication provides a principal name of user@example.com. If use-domain-qualified-name is no, then the ISAM user ID is user. If use-domain-qualified-name is yes, then the ISAM name is user@example.com.
no	ISAM uses only the short name as the Verify Access user ID, and does not include the domain portion of the principal name.