<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="EIM registry definitions" />
<meta name="abstract" content="This information explains how you can create a registry definition to hold all your user registries for a system." />
<meta name="description" content="This information explains how you can create a registry definition to hold all your user registries for a system." />
<meta name="DC.Relation" scheme="URI" content="rzalveserverdomain.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalveservercncpts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalvsysregdef.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalveserverracf.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalvgroupregistrydef.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalveserverregistry" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>EIM registry definitions</title>
</head>
<body id="rzalveserverregistry"><a name="rzalveserverregistry"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">EIM registry definitions</h1>
<div><p>This information explains how you can create a registry definition
to hold all your user registries for a system.</p>
<p>An Enterprise Identity Mapping (EIM) <em>registry definition</em> is an entry
within EIM that you create to represent an actual user registry that exists
on a system within the enterprise. A user registry operates like a directory
and contains a list of valid user identities for a particular system or application.
A basic user registry contains user identities and their passwords. One example
of a user registry is the z/OS<sup>®</sup> Security Server Resource Access Control Facility
(RACF<sup>®</sup>)
registry. User registries can contain other information as well. For example,
a Lightweight Directory Access Protocol (LDAP) directory contains bind distinguished
names, passwords, and access controls to data that is stored in LDAP. Other
examples of common user registries are the principals in a Kerberos realm
or user identities in a Windows<sup>®</sup> Active Directory domain, and
the i5/OS™ user
profiles registry.</p>
<p>You can also define user registries that exist within other user registries.
Some applications use a subset of user identities within a single instance
of a user registry. For example, the z/OS Security Server (RACF) registry
can contain specific user registries that are a subset of users within the
overall RACF user
registry. </p>
<p>EIM registry definitions provide information regarding those user registries
in an enterprise. The administrator defines these registries to EIM by providing
the following information:</p>
<ul><li>A unique, arbitrary EIM registry name. <span class="br">Each registry
definition represents a specific instance of a user registry. Consequently,
you should choose an EIM registry definition name that helps you to identify
the particular instance of the user registry. For example, you could choose
the TCP/IP host name for a system user registry, or the host name combined
with the name of the application for an application user registry. You can
use any combination of alphanumeric characters, mixed case, and spaces to
create unique EIM registry definition names. </span></li>
<li>The type of user registry. <span class="br">There are a number of
predefined user registry types that EIM provides to cover most operating system
user registries. These include:</span><ul><li>AIX<sup>®</sup> </li>
<li>Domino<sup>®</sup> -
long name </li>
<li><img src="./delta.gif" alt="Start of change" />Domino -
short name <img src="./deltaend.gif" alt="End of change" /></li>
<li>Kerberos </li>
<li>Kerberos - case sensitive </li>
<li>LDAP </li>
<li>LDAP - short name </li>
<li>Linux<sup>®</sup> </li>
<li>Novell Directory Server</li>
<li><img src="./delta.gif" alt="Start of change" />Other <img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Other - case sensitive <img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />i5/OS (or OS/400<sup>®</sup>) <img src="./deltaend.gif" alt="End of change" /></li>
<li>Tivoli<sup>®</sup> Access
Manager </li>
<li>RACF </li>
<li>Windows -
local</li>
<li>Windows domain
(Kerberos) (This type is case sensitive.)</li>
<li>X.509</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> Although the predefined registry definition types cover most operating
system user registries, you may need to create a registry definition for which
EIM does not include a predefined registry type. You have two options in this
situation. You can either use an existing registry definition that matches
the characteristics of your user registry or you can <a href="rzalvadmindefinereg.htm">define a private user registry type</a>. For example, in Figure
6, the administrator followed the process required and defined the type of
registry as <samp class="codeph">WebSphere LTPA</samp> for the <samp class="codeph">System_A_WAS</samp> application
registry definition.</div>
</li>
</ul>
<p>In Figure 6, the administrator created EIM system registry definitions
for user registries representing System A, System B, System C, and a Windows Active
Directory that contains users' Kerberos principals with which users log in to
their desktop workstations. In addition, the administrator created an application
registry definition for WebSphere<sup>®</sup> Lightweight Third-Party Authentication
(LTPA), which runs on System A. The registry definition name that the administrator
uses helps to identify the specific occurrence of the type of user registry.
For example, an IP address or host name is often sufficient for many types
of user registries. In this example, the administrator uses <samp class="codeph">System_A_WAS</samp> as
the application registry definition name to identify this specific instance
of the WebSphere LTPA
application. He also specifies that the parent system registry for the application
registry definition is the <samp class="codeph">System_A</samp> registry.</p>
<p><strong>Figure 6:</strong> EIM registry definitions for five user registries in an
enterprise</p>
<p><br /><img src="rzalv510.gif" alt="Example of EIM registry definitions" /><br /></p>
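<p>The rules described above (a unique name, a predefined or private registry type, and a parent system registry for each application registry) can be checked against a planned set of definitions before anything is created in EIM. The following is an added example, not IBM code and not an EIM API. The names System_B, System_C and Desktops, the registry type assigned to each system, and the warning for names that differ only by case are assumptions made for illustration.</p>

```python
from dataclasses import dataclass
from typing import Optional

# Predefined registry types, as listed on this page.
PREDEFINED_TYPES = {
    "AIX", "Domino - long name", "Domino - short name", "Kerberos",
    "Kerberos - case sensitive", "LDAP", "LDAP - short name", "Linux",
    "Novell Directory Server", "Other", "Other - case sensitive", "i5/OS",
    "Tivoli Access Manager", "RACF", "Windows - local",
    "Windows domain (Kerberos)", "X.509",
}

@dataclass(frozen=True)
class RegistryDef:
    name: str                     # unique, arbitrary EIM registry name
    reg_type: str                 # predefined type or a private type
    parent: Optional[str] = None  # set only for application registries

def lint(defs, private_types=frozenset()):
    """Return (registry name, problem) findings for a planned set of definitions."""
    findings, by_name, folded = [], {}, {}
    for d in defs:
        if d.name in by_name:
            findings.append((d.name, "duplicate registry name"))
            continue
        by_name[d.name] = d
        # Assumption (planning hygiene, not EIM behaviour): flag case-only twins.
        other = folded.setdefault(d.name.casefold(), d.name)
        if other != d.name:
            findings.append((d.name, "differs only by case from " + other))
    for d in by_name.values():
        if d.reg_type not in PREDEFINED_TYPES and d.reg_type not in private_types:
            findings.append((d.name, "type is not predefined; define a private type first"))
        parent = by_name.get(d.parent) if d.parent else None
        if d.parent and parent is None:
            findings.append((d.name, "parent registry is not defined"))
        elif parent is not None and parent.parent is not None:
            findings.append((d.name, "parent must be a system registry"))
    return findings

# Constructed plan modelled on Figure 6; only System_A and System_A_WAS are
# names from the page, the other names and the types are placeholders.
FIGURE_6 = [
    RegistryDef("System_A", "i5/OS"),
    RegistryDef("System_B", "AIX"),
    RegistryDef("System_C", "i5/OS"),
    RegistryDef("Desktops", "Windows domain (Kerberos)"),
    RegistryDef("System_A_WAS", "WebSphere LTPA", parent="System_A"),
]
```

<p>Calling <samp class="codeph">lint(FIGURE_6, {"WebSphere LTPA"})</samp> returns no findings; without the private type argument, the <samp class="codeph">System_A_WAS</samp> definition is reported because <samp class="codeph">WebSphere LTPA</samp> is not a predefined type.</p>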
<div class="note"><span class="notetitle">Note:</span> To further reduce the need to manage user passwords, the administrator
in Figure 6 sets the i5/OS user profile passwords on System A and on System
C to *NONE. The administrator in this case is configuring a single sign-on
environment, and the only applications that his users work with are EIM-enabled
applications such as iSeries™ Navigator. Consequently, the administrator
wants to remove the passwords from their i5/OS user profiles so that both the users
and he have fewer passwords to manage.</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzalvsysregdef.htm">System registry definitions</a></strong><br />
Use this information to learn about creating a user registry for particular systems.</li>
<li class="ulchildlink"><strong><a href="rzalveserverracf.htm">Application registry definitions</a></strong><br />
Use this information to learn how to create user registries for certain applications.</li>
<li class="ulchildlink"><strong><a href="rzalvgroupregistrydef.htm">Group registry definitions</a></strong><br />
Use this information to learn about creating a group registry definition in an EIM domain that describes and represents a group of registry definitions.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalveservercncpts.htm" title="Use this information to learn about important EIM concepts that you need to understand to implement EIM successfully.">Enterprise Identity Mapping concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzalveserverdomain.htm" title="This information explains how to use a domain to store all your identifiers.">EIM domain</a></div>
</div>
</div>
</body>
</html>