|
Problem(Abstract) |
Local OS authentication cannot be used when using a user
account with non-administrative access to the system. However, options are
available for enabling security for a user account without administrative
access. |
|
|
|
Cause |
When using the Local OS user registry, the user account
that the product processes run under should have the
Administrative and Act as part of the operating
system privileges to call the Windows operating system
authentication APIs to collect user and group information. |
|
|
Resolving the
problem |
When running WebSphere Application Server using a
non-administrative user account, if global security is enabled, you must
use either LDAP or custom registry for the user
registry.
The administrative process needs special authority, which is given by
these privileges. The user in this example might not be the same as the
security server ID, the requirement
for which is a valid user in the registry. This user logs in to the
machine, if
using the command line to start the product process or the Log On User
setting
in the services panel if the product processes have started using the
services. If
the system is also part of a domain, this user should be part of the
Domain
Admin group in the domain to call the operating system APIs in the domain
in
addition to having the Act as part of operating system
privilege on the local
system. |
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|