ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/sec/seccloc.htm

56 lines
4.2 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure local operating system user registry</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h5><a name="seccloc"></a>Configure local operating system user registry</h5>
<p>If you want to use the i5/OS user registry to represent the principals who access your WebSphere resources, no special user registry setup is necessary.</p>
<p>The i5/OS user registry is used for authentication of WebSphere users and for authorization of WebSphere users who access WebSphere resources, but not for WebSphere users who access i5/OS resources. A WebSphere application server does not run under the i5/OS user profile of the WebSphere users. Instead, the WebSphere application server runs under the i5/OS profile that is configured by the WebSphere administrator.</p>
<p>If you want to authorize a user for any WebSphere resource, a user profile must exist on the iSeries system for that user. Use the Create User Profile (CRTUSRPRF) command on your iSeries server to create new user IDs that can be used by WebSphere.</p>
<p>As installed, security is disabled for WebSphere Application Server - Express. It is necessary to take these steps to enable security. These steps will set up security based on the local operating system user registry on the iSeries system on which WebSphere Application Server - Express is installed.</p>
<p>Perform these steps in the WebSphere administrative console:</p>
<ol>
<li><p>In the navigation menu, click <strong>Security --&gt; User Registries --&gt; LocalOS</strong>.</p></li>
<li><p>Enter a valid iSeries user profile name in the <strong>Server User ID</strong> field. The Server User ID specifies the iSeries user profile to use when the server authenticates to the underlying operating system. This is also the user that has initial authority to access the administrative application through the administrative console. The administrative user ID is common to all user registries.</p>
<p>The administrative user ID is common to all user registries. The administrative ID is a member of the chosen user registry, and it has special privileges in WebSphere Application Server - Express. However, it has no special privileges in the user registry that it represents. In other words, you can select any valid user ID in the registry to use as the administrative user ID (Server User ID).</p>
<p>For the Server User ID field, you can specify any iSeries user profile that meets this criteria:</p>
<ul>
<li>It has a status of *ENABLED.</li>
<li>It has a valid password.</li>
<li>It is not used as a group profile.</li>
</ul>
<p><strong>Note:</strong> A group profile is assigned a unique group ID number, which is not assigned to a regular user profile. Run the Display User Profile (DSPUSRPRF) command to determine if the user profile you want to use as the Server User ID has a defined group ID number. If the <strong>Group ID</strong> field is set to *NONE, the user profile can be used as the administrative user ID.</p></li>
<li><p>In the <strong>Server User Password</strong> field, enter the valid password for the user profile you specified as the Server User ID.</p></li>
<li><p>Click <strong>OK</strong>.</p>
<p>Validation of the user and password does not happen in this panel. Validation is only done when you click <strong>OK</strong> or <strong>Apply</strong> in the Global Security panel. If you are in the process of enabling security for the first time, complete the other steps and then go to the Global Security panel, make sure that <tt>Local OS</tt> is selected as the <strong>Active User Registry</strong>. If your changes are not validated the server may not be able to start.</p></li>
</ol>
<p><strong>Note:</strong> Until you authorize other users to perform administrative functions, you can only access the administrative console with the Server User ID and Password you specified. For more information, see <a href="seccadm.htm">Assign users to administrative roles</a>.</p>
</body>
</html>