Problem (Abstract)
How to disable credential cache lookup by userid and password in WebSphere Application Server versions 4.0.x and 5.0.x

Resolving the problem
Customers often want to revoke user accounts. Similarly, users change
passwords and want the change to take effect immediately. In other words,
no one should be able to gain access with the old (or expired) password.
This can be accomplished by disabling security caching. Here are the
instructions:
To disable the userid and password cache in WSAS4.0.x, do the
following:
1) In Admin.config, add the following property:
com.ibm.websphere.security.util.LTPAAuthCacheEnabled=false
2) On the application server, add the following JVM property:
com.ibm.websphere.security.util.CredentialCacheEnabled=false
To disable credential cache lookup by userid and password in WAS 5.0
and WAS 5.0.1:
Set the following JVM properties to false:
com.ibm.websphere.security.util.AuthCacheEnabled
com.ibm.websphere.security.util.CredentialCacheEnabled
See the attached screen shot in WSAS5.0 and WSAS5.0.1.
To disable credential cache lookup after 5.0.2:
In WSAS5.0.2, all four credential caches are consolidated into one, which
can be enabled, disabled, or partially disabled with the JVM property
com.ibm.websphere.security.util.authCacheEnabled. This property can be set
to true, false, or BasicAuthDisabled. To disable credential cache lookup by
userid and password, set the JVM property:
com.ibm.websphere.security.util.authCacheEnabled=BasicAuthDisabled
In the WSAS5.0.2 release, this JVM property can only be set to true or
false; you need APAR PQ76758 to set it to BasicAuthDisabled.
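To confirm that a server actually carries these settings, the following added example (not part of the original technote and not IBM code) checks a JVM argument string and, for 4.0.x, Admin.config text against the properties listed above. It assumes the properties are passed as -Dname=value arguments and that false is also acceptable on 5.0.2 and later because it disables the consolidated cache; the function names and the sample input are hypothetical.

```python
import shlex

PREFIX = "com.ibm.websphere.security.util."

def parse_jvm_args(args):
    """Return {name: value} for each -Dname=value token in a JVM argument string."""
    props = {}
    for token in shlex.split(args):
        if token.startswith("-D") and "=" in token:
            name, value = token[2:].split("=", 1)
            props[name] = value
    return props

def parse_properties(text):
    """Minimal key=value parser for Admin.config-style text ('#' starts a comment)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def missing_settings(version, jvm_args, admin_config=""):
    """Return one finding per setting that is absent or has the wrong value."""
    jvm = parse_jvm_args(jvm_args)
    release = tuple(int(part) for part in version.split("."))
    if release[:2] == (4, 0):
        required = [(parse_properties(admin_config), "LTPAAuthCacheEnabled", {"false"}),
                    (jvm, "CredentialCacheEnabled", {"false"})]
    elif release in ((5, 0), (5, 0, 0), (5, 0, 1)):
        required = [(jvm, "AuthCacheEnabled", {"false"}),
                    (jvm, "CredentialCacheEnabled", {"false"})]
    elif release >= (5, 0, 2):
        # One consolidated property; on 5.0.2, BasicAuthDisabled needs APAR PQ76758.
        required = [(jvm, "authCacheEnabled", {"BasicAuthDisabled", "false"})]
    else:
        raise ValueError(f"version {version} is not covered by the technote")
    return [f"{PREFIX}{key}: expected {' or '.join(sorted(allowed))}, "
            f"found {source.get(PREFIX + key)!r}"
            for source, key, allowed in required
            if source.get(PREFIX + key) not in allowed]

# Constructed sample input, not taken from a real server.
SAMPLE_JVM_ARGS = ("-Xmx512m -D" + PREFIX + "AuthCacheEnabled=false "
                   "-D" + PREFIX + "CredentialCacheEnabled=true")

if __name__ == "__main__":
    print("\n".join(missing_settings("5.0.1", SAMPLE_JVM_ARGS)))
```

Property names are matched exactly as the technote spells them, so a setting with different capitalization is reported as missing.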

Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | Runtimes for Java Technology | Java SDK | | |