6.6.18.1a.2: Specifying how to authenticate users with the Java administrative console

Use the Authentication tab of the Security Center wizard to specify how to authenticate or verify the user data received as a result of a challenge, such as a logon screen. The WebSphere security server must have some way to check the user ID and password, digital certificate, or other user identification for credibility. It relies on the authentication mechanism specified by the administrator.

Selecting how to authenticate user data

Users can be authenticated by one of two authentication mechanisms: the operating system user registry or Lightweight Third-Party Authentication (LTPA).

The operating system user registry simply compares users to valid users in the underlying operating system. When the administrator selects the Local Operating System authentication mechanism, the Authentication tabbed page changes to allow the administrator to set a security server ID and password under which the application will run. The information is used for delegation of the application resource. The Local Operating System authentication mechanism supports the basic challenge type.

If the administrative server is running as a non-root user, the Local Operating System authentication mechanism cannot be used. LTPA authentication in connection with LDAP or with the Custom User Registry must be used to enable security. Similarly, if the administrative server is being used in a multi-node configuration, LTPA authentication must be used.

When the administrator selects Lightweight Third-Party Authentication (LTPA) as the authentication mechanism, the Authentication tabbed page changes. This change enables the administrator to specify LTPA settings and information about the Lightweight Directory Access Protocol (LDAP)-compliant directory service product to be used, or the custom user registry. LTPA causes a search to be performed against the selected registry (LDAP or custom user registry). LTPA supports both the basic and certificate challenge types.

The help files that describe the OS, LTPA, LDAP, and custom user registry settings provide guidance for completing options on the Authentication tabbed page.

What to do if authentication is slow or fails when using LTPA and LDAP

If authentication fails or is slow when using an LTPA and LDAP cluster, perform the following two configurations or choose one of them:

Note: An LDAP cluster is defined as multiple LDAP servers which appear as a single LDAP server due to the use of a network dispatcher or Internet Protocol (IP) sprayer.