The wsadmin tool has two security-related profiles by default that make security configuration easier. These profiles set up procedures that you can call to enable and disable security. The available procedures are:
| Procedure | Description |
|---|---|
| securityon | turns global security on using LocalOS security |
| securityoff | turns global security off |
| LTPA_LDAPSecurityOn | turns LTPA/LDAP global security on using the LDAP user registry |
| LTPA_LDAPSecurityOff | turns LTPA/LDAP global security off |
Using Jacl, enter the securityon help command or LTPA_LDAPSecurityOn help command to determine the parameters required for these procedures. For the procedures that turn security off, no parameters are required.
If you enable security for a WebSphere Application Server cell, you need to supply authentication information in order to communicate with servers.
You can specify user and password information on a wsadmin command line or in the sas.client.props file located in the properties directory.
Use the -user and -password command options on the wsadmin tool to specify the user and password information.
The properties file updates that are required for running in secure mode depend on whether a Remote Method Invocation (RMI) or Simple Object Access Protocol (SOAP) connector is being used to connect.
If you are using a Remote Method Invocation (RMI) connector, set the following properties in the sas.client.props file with the appropriate values:
com.ibm.CORBA.loginUserid=
com.ibm.CORBA.loginPassword=
Change the value of the following property from prompt to properties:
com.ibm.CORBA.loginSource=properties
The default value for this property is prompt in the sas.client.props file. If you leave the default value, a dialog box appears with a password prompt. If the script is running unattended, it will appear to hang.
If you are using a Simple Object Access Protocol (SOAP) connector, set the following properties in the soap.client.props file with the appropriate values:
com.ibm.SOAP.loginUserid=
com.ibm.SOAP.loginPassword=
com.ibm.SOAP.securityEnabled=true
There is no corresponding com.ibm.SOAP.loginSource property for a SOAP connector.
If you specify user and password information on a command line and in the properties file, the command line information will override the information in the properties file.
Use the EncAuthDataFile script to encrypt a password. This script is located in the install_root/bin directory. For example:
EncAuthDataFile in_file_name out_file_name
where in_file_name is the input authorization data file name and out_file_name is the output authorization data file name. The input file name can be a text file or a property file.
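The RMI and SOAP property settings and the password-encoding step described above can be checked before an unattended wsadmin run. The following is an added example, not IBM code: it audits properties-file text for the settings this page names. The sample file contents are constructed, and the "{xor}" prefix used to recognize an encoded password is an assumption about the encoded format.

```python
# Added example: pre-flight audit of wsadmin client properties (not IBM code).
# Constructed sample file contents; user id and password values are made up.
SAMPLE_SAS = """\
com.ibm.CORBA.loginUserid=wasadmin
com.ibm.CORBA.loginPassword=
com.ibm.CORBA.loginSource=prompt
"""
SAMPLE_SOAP = """\
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=changeit
com.ibm.SOAP.securityEnabled=false
"""

def parse_props(text):
    """Parse simple key=value lines, skipping blanks and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(connector, text):
    """Return findings for connector 'RMI' (sas.client.props) or 'SOAP'."""
    if connector not in ("RMI", "SOAP"):
        raise ValueError("connector must be 'RMI' or 'SOAP'")
    props = parse_props(text)
    prefix = "com.ibm.CORBA" if connector == "RMI" else "com.ibm.SOAP"
    findings = []
    for name in ("loginUserid", "loginPassword"):
        if not props.get(f"{prefix}.{name}"):
            findings.append(f"{prefix}.{name} is not set")
    if connector == "RMI":
        # 'prompt' opens a password dialog, so an unattended script appears to hang.
        if props.get("com.ibm.CORBA.loginSource") != "properties":
            findings.append("com.ibm.CORBA.loginSource is not 'properties'")
    elif props.get("com.ibm.SOAP.securityEnabled", "").lower() != "true":
        findings.append("com.ibm.SOAP.securityEnabled is not true")
    password = props.get(f"{prefix}.loginPassword", "")
    # Assumption: an encoded password value starts with the "{xor}" tag.
    if password and not password.startswith("{xor}"):
        findings.append(f"{prefix}.loginPassword is stored in clear text")
    return findings

if __name__ == "__main__":
    for connector, text in (("RMI", SAMPLE_SAS), ("SOAP", SAMPLE_SOAP)):
        for finding in audit(connector, text):
            print(f"{connector}: {finding}")
```

The audit covers only credentials taken from the properties files; values given with -user and -password override them and are not examined here.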