[Version 5.0.2 and later] WebSphere Application Server for z/OS global security options

Use this page to determine which global security options to specify for WebSphere Application Server for z/OS.

To view this administrative console page, click Security > Global Security > z/OS security options. Under Additional Properties, click z/OS Security Options.

If you are configuring security for the first time, complete the steps in Configuring global security in the documentation prior to making changes. Once security is configured, validate any changes to the user registry or authentication mechanism panels. Click Apply to validate the user registry settings. An attempt is made to authenticate the server ID to the configured user registry (note that for registries other than Local OS the server user ID and password are validated).

Note: There has been a change in the option names on this page along with their function. Previously, the Connection Manager Synch to OS Thread support had been enabled by the Synch to OS Thread Allowed checkbox. The Connection Manager Synch to OS Thread support is now enabled by the new Connection Manager RunAs Identity Enabled checkbox. The Synch to OS Thread Allowed checkbox now enables the application Synch to OS Thread support and not the Connection Manager Synch to OS Thread support.

Remote identity   [Version 5.0.2 and later]
SAF user ID associated with unauthenticated clients making requests of this server from another system.

Specifies which SAF identity is used when a remote RMI/IIOP request is received with no authentication information.

Local identity   [Version 5.0.2 and later]
SAF user ID associated with unauthenticated clients making requests of this server from the same system.

Specifies which SAF identity is used when an RMI/IIOP request is received with no authentication information from a server on the same system.

Synch to OS Thread Allowed   [Version 5.0.2 and later]
When checked, this option specifies that application servers are allowed to process the Synch to OS Thread Allowed option for application components that specify it. Refer to the note at the top of this article regarding the history of this option's name and the recent changes in this area.

Specifies whether or not application Synch to OS Thread Allowed is permitted. When this global security option is enabled, the application-specified Synch to OS Thread Allowed is honored and subsequently carried out by the EJB and Web containers as indicated by the EJB and Web application Synch to OS Thread Allowed specification. The default is disabled.

Important: This permits the application server to alter the OS thread identity in a potentially unauthorized environment (which can be an integrity breach).

Important: This option significantly increases the number of SMF 80 records used for security auditing. If security auditing is turned on for SMF 80 records, then the amount of DASD used also increases significantly.

Connection Manager RunAs Identity Enabled   [Version 5.0.2 and later]
When checked, specifies that the connection manager sync the current J2EE identity to the OS thread when using operating system thread security for connector authorization. Refer to the note at the top of this article regarding the history of this option's name and the recent changes in this area.

When you enable this option, the method processes a request that modifies the operating system identity to reflect the J2EE identity. This function is required if you wish to use one of the Java Message Service (JMS), Java database connectivity (JDBC), or Java Connector Architecture (JCA) connector configurations that use operating system thread security. For more information, refer to:

Important: This permits the application server to alter the OS thread identity in a potentially unauthorized environment (which can be an integrity breach).


Related tasks
Synchronizing a Java thread identity and an operating system thread identity [Version 5.0.2 and later]
Configuring Secure Sockets Layer for the Lightweight Directory Access Protocol client
Considerations for setting Synch to OS Thread Allowed using WebSphere Studio Application Developer [Version 5.0.2 and later]
Related reference
Administrative console buttons
Administrative console scope settings
Administrative console filter settings
Administrative console preference settings
Global security settings



Searchable topic ID:   useczosglobalsec
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/usec_zos_globalsec.html
