ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/admin/snrsecur.htm

75 lines
4.5 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Backup and recovery: Security</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h3><a name="snrsecur"></a>Backup and recovery: Security</h3>
<p>These items should be considered for backup of security information:</p>
<ul>
<li>Users</li>
<li>Security properties files</li>
<li><a href="snradmin.htm">Administrative configuration</a></li>
<li>HTTP configuration</li>
<li>Key files</li>
<li>Validation lists</li>
</ul>
<p><strong>Users</strong></p>
<p>When using local OS security, back up your i5/OS user profiles, using normal i5/OS save procedures for user profiles. For more information, see the following topics in the iSeries Information Center:</p>
<ul>
<li><a href="../../../rzaiu/rzaiuintro.htm">Backup and Recovery</a></li>
<li><a href="../../../rzalw/rzalwoverview.htm">Availability</a></li>
<li><a href="../../../rzaiu/sc415304.pdf" target="_blank">Backup and Recovery</a><img src="wbpdf.gif" alt="Link to PDF"></li>
</ul>
<p>For information on the Directory Server Product (LDAP server), see the <a href="../../../rzahy/rzahyrzahywelpo.htm">IBM Directory Server for iSeries (LDAP)</a> topic in the iSeries Information Center.</p>
<p>For information on Domino, see the <a href="http://doc.notes.net/domino_notes/5.0/as400/as400hlp.nsf">Domino Reference Library</a> (http://doc.notes.net/domino_notes/5.0/as400/as400hlp.nsf) <img SRC="www.gif" ALT="Link outside Information Center" BORDER=0 height=15 width=18 >.</p>
<p><strong>Security properties files</strong></p>
<p>Security settings are saved in several properties files. By default, these are located in /QIBM/Userdata/WebASE/ASE5/<em>instance</em>/properties where <em>instance</em> is the name of your instance. If you have defined additional WebSphere instances, you will have additional properties files located in the directories for those instances.</p>
<pre>SAV DEV('/QSYS.lib/wsalib.lib/wsasavf.file')
OBJ(('<em>instance</em>/properties/sas*'))</pre>
<p><strong>Note:</strong> This command has been wrapped for display purposes. Enter it as one command.</p>
<p>Security property files can be saved while WebSphere is running.</p>
<p><strong>HTTP configuration</strong></p>
<p><strong>Note:</strong> The following information applies to IBM HTTP Server for i5/OS. If you are using Lotus Domino HTTP Server, see the <a href="http://www.notes.net/notesua.nsf?OpenDatabase" target="_">Notes.net Documentation Library</a> (http://www.notes.net/notesua.nsf?OpenDatabase) <img src="www.gif" width="18" height="15" alt="Link outside Information Center" border="0">.</p>
<p>Changes to the HTTP configuration are often made to enable WebSphere Application Server - Express to serve servlets and JSP requests, and to enable WebSphere Application Server - Express security. You should consider saving your HTTP configuration as a part of your WebSphere Application Server - Express backup and recovery. The IBM HTTP Server configurations are stored as members of the QATMHTTPC file in library QUSRSYS. HTTP server instances are members of the QATMHINSTC file in the library QUSRSYS. These are example save commands for these files:</p>
<pre>SAVOBJ OBJ(QUSRSYS/QATMHTTPC)
SAVOBJ OBJ(QUSRSYS/QATMHINSTC)</pre>
<p><strong>Key files</strong></p>
<p>Key files should also be saved. They contain certificates used by the WebSphere Application Server - Express security infrastructure and also for HTTPS transport between servers. Save all files in the WAS_INSTANCE_ROOT/etc directory. Key files are contained in the WAS_INSTANCE_ROOT/etc directory, but may be created and stored in other directories by administrators.</p>
<p><strong><a name="vallists">Validation lists</a></strong></p>
<p>Passwords are stored as encrypted data in validation list objects when the i5/OS password encoding algorithm is used. The default validation list is /QSYS.LIB/QUSRSYS.LIB/EJSADMIN.VLDL, but you can change it in the WebSphere administrative console by specifying it as a system property for the application server.</p>
<p>Save and restore validation list objects using the Save Object (SAVOBJ) and Restore Object (RSTOBJ) commands, for example:</p>
<pre>SAVOBJ OBJ(EJSADMIN) LIB(QUSRSYS) DEV(*SAVF) SAVF(WSALIB/WSASAVF)
RSTOBJ OBJ(EJSADMIN) SAVLIB(QUSRSYS) DEV(*SAVF) OBJTYPE(*VLDL) SAVF(WSALIB/WSASAVF)</pre>
</body>
</html>