Name |
Example Value |
Description |
---|---|---|
exclude_usernames |
websphere, db2admin |
Required. A list of usernames to be excluded from authentication. The default delimiter is a comma, but may be overridden by exclude_usernames_delimiter. This list should include the WebSphere Application Server for z/OS administration users and the database user. Any users listed here should be defined in the WebSphere Application Server for z/OS user registry. |
exclude_usernames_delimiter |
| |
Optional. A delimiter for the list of usernames provided in exclude_usernames. A delimiter other than the default comma can be useful when usernames have embedded commas as with LDAP users. |
login_trace |
true |
Optional. This property should be set to true to debug the authentication process. If set to true the invocation of the login module will result in tracing information being added to the WebSphere Application Server for z/OS SystemOut.log file. |
module_name |
DEFAULT, WEB_INBOUND or RMI_INBOUND |
Optional. This property should be set to one of DEFAULT, WEB_INBOUND or RMI_INBOUND depending on the configuration the login module is being defined for. It is used only when login_trace is set to true for tracing purposes. |
check_identity_only |
true |
Optional. If this property is set to true the login module will not perform the usual authentication verifications. Instead it will simply ensure that the user exists on the database table. In this case the configured WebSphere Application Server for z/OS user registry will not be by-passed and will be queried after the login module. This option is intended where LDAP support is required or an alternative authentication mechanism is to be used. |
user_registry_enabled |
true |
Optional. This property is used to override the behavior of by-passing the user registry. If this property is set to true the WebSphere Application Server for z/OS user registry will be queried during the authentication process. If this property is set to false, the WebSphere Application Server for z/OS user registry will not be queried. Note: If you are specifying identity only and using LDAP you may need to perform additional configuration steps; please see Special Configuration Steps When Using Identity Only and LDAP.
|
user_registry_enabled_types |
EXTERNAL |
Optional. This property is used to specify a comma-delimited list of external user types that will be processed against the WebSphere Application Server for z/OS user registry (e.g. LDAP). See WebSphere Application Server User Registry for more information on the processing of the WebSphere Application Server for z/OS user registry. |
user_registry_disabled_types |
EXTGEN,EXTAUTO |
Optional. This property is used to specify a comma-delimited list of external user types that will not be processed against the WebSphere Application Server for z/OS user registry (e.g. LDAP). See WebSphere Application Server User Registry for more information on the processing of the WebSphere Application Server for z/OS user registry. |