5.7.5: SAS properties reference
The following describes the properties used in the configuration files
sas.client.properties and sas.server.properties. These files contain
lists of property-value pairs, using the syntax
<property>=<value>.
The property names are case sensitive, but the values are not; the
values are converted to lower case when the file is read.
Note: Secure Sockets Layer (SSL) settings are managed by the administrative
console. Any changes made by editing the following properties in the
sas.server.props file are overwritten at run time.
- com.ibm.CORBA.SSLKeyRing
- com.ibm.CORBA.SSLKeyRingPassword
- com.ibm.CORBA.SSLServerKeyRing
- com.ibm.CORBA.SSLServerKeyRingPassword
- com.ibm.CORBA.SSLClientKeyRing
- com.ibm.CORBA.SSLClientKeyRingPassword
In WebSphere Application Server version 4.0, some properties
do not appear in the sas.server.props file. Instead, these
properties must be configured by using the administrative console.
The entry for each property indicates how it can be modified.
Note: Corruption of the sas.server.props file might cause the administrative
server to fail to start. The sas.server.props file contains critical
information for the administrative server. Back up the sas.server.props
file regularly.
Authentication properties
- com.ibm.CORBA.authenticationTarget
- Specifies the mechanism for authenticating principals.
valid values: basicauth, localos, ltpa
default value: basicauth
client/server usage: can be directly edited in the
sas.client.props file; the server-side value must be
set by using the Security Center within the administrative console
- com.ibm.CORBA.loginUserid
- Holds the name of an authorized user of the user registry, used when the
loginSource property is specified as properties. The corresponding
password is stored in the loginPassword property.
valid values: a user name in the registry
default value: no default value
client/server usage: can be directly edited in the
sas.client.props file; the server-side value must be
set by using the Security Center within the administrative console
- com.ibm.CORBA.loginPassword
- Holds the password for the user named in the loginUserid property,
used when the loginSource property is specified as properties.
valid values: the password for the user named in the
loginUserid property
default value: no default value
client/server usage: can be directly edited in the
sas.client.props file; the server-side value must be
set by using the Security Center within the administrative console
- com.ibm.CORBA.principalName
- Specifies the principal under which the WebSphere administrative
server runs. The format is REALM/userID.
valid values: a realm name and a user name in the registry
default value: no default value
client/server usage: can be directly edited in the
sas.client.props file; the server-side value must be
set by using the Security Center within the administrative console
- com.ibm.CORBA.loginSource
- Indicates the source for the user IDs and passwords.
valid values: prompt, properties, stdin, key file, none
- The value stdin is supported only in the sas.client.props file.
- The value none is typically used for applications that perform
programmatic logins before they require credentials on a thread of
execution.
default value: prompt
client/server usage: sas.client.props and sas.server.props
- com.ibm.CORBA.loginTimeout
- Specifies the length of time (in seconds) for which
the login window is displayed to a user for entering
login information (realm, user ID, password).
valid values: 0 to 600 (0 to 10 minutes)
default value: 300 (5 minutes)
client/server usage: sas.client.props and sas.server.props
SSL Properties
For more information on configuring SSL, see
5.7.3: ORB SSL Configuration.
Miscellaneous properties
- com.ibm.CORBA.securityEnabled
- Indicates whether security is enabled or not.
valid values: false, no, true, yes
default value: true
client/server usage: can be directly edited in the
sas.client.props file; the server-side value must be
set by using the Security Center within the administrative console
- com.ibm.CORBA.bootstrapRepositoryLocation
- Holds the full path of the bootstrap repository file, which
contains information about security properties needed during
the boot process.
valid values: the absolute path to the repository file
default value: <server_root>/etc/secbootstrap
client/server usage: sas.server.props only
Trace and message properties
- com.ibm.CORBA.securityDebug
- Specifies whether debugging messages are displayed on
the console or not.
valid values: console, false, no, true
default value: false
client/server usage: sas.client.props and sas.server.props
- com.ibm.CORBA.securityTraceLevel
- Determines the level of tracing provided.
valid values: none, basic, intermediate, advanced
- Trace level basic reports basic messages and is rarely used.
- Trace level intermediate is typically used to troubleshoot
long-running problems while keeping tracing to a minimum.
- Trace level advanced is used in most cases for troubleshooting.
default value: none
client/server usage: sas.client.props and sas.server.props
- com.ibm.CORBA.securityTraceOutput
- Determines the output file for SAS when file, fileappend, or both
is chosen for any of the output mode properties
(securityActivityOutputMode, securityErrorsOutputMode,
securityExceptionsOutputMode, or securityTraceOutputMode).
valid values: a valid path and file name in the file system.
default value: <server.root>/logs/sas.log
client/server usage: sas.client.props and sas.server.props
- com.ibm.CORBA.securityActivityOutputMode
- Determines where to direct activity messages.
valid values: none, file, fileappend, console, both
file: output goes to the destination set in the
com.ibm.CORBA.securityTraceOutput property
and a new file is created after each server restart.
fileappend: output goes to the destination in the
com.ibm.CORBA.securityTraceOutput property
and new output is appended after each server restart.
console: output is redirected to the standard
output stream.
both: output is redirected to both the standard
output stream and to the destination set in the
com.ibm.CORBA.securityTraceOutput property,
and a new file is created after each server restart.
none: no output occurs.
default value: file
client/server usage: sas.client.props and sas.server.props
- com.ibm.CORBA.securityErrorsOutputMode
- Determines where to direct error messages.
valid values: none, file, fileappend, console, both
(The values work as described for the
securityActivityOutputMode property.)
default value: both
client/server usage: sas.client.props and sas.server.props
- com.ibm.CORBA.securityExceptionsOutputMode
- Determines where to direct exception messages.
valid values: none, file, fileappend, console, both
(The values work as described for the
securityActivityOutputMode property.)
default value: file
client/server usage: sas.client.props and sas.server.props
- com.ibm.CORBA.securityTraceOutputMode
- Determines where to direct trace messages.
Client and server side.
valid values: none, file, fileappend, console, both
(The values work as described for the
securityActivityOutputMode property.)
default value: file
client/server usage: sas.client.props and sas.server.props
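
An added example (not IBM's code): a small linter that checks the contents of a props file against the valid values, defaults and case-sensitivity rule given in this reference. Treating `#` lines as comments, the finding texts and the sample contents are assumptions made for the example.

```python
P = "com.ibm.CORBA."
MODES = {"none", "file", "fileappend", "console", "both"}
ENUMS = {  # valid values exactly as listed in this reference
    P + "authenticationTarget": {"basicauth", "localos", "ltpa"},
    P + "loginSource": {"prompt", "properties", "stdin", "key file", "none"},
    P + "securityEnabled": {"false", "no", "true", "yes"},
    P + "securityDebug": {"console", "false", "no", "true"},
    P + "securityTraceLevel": {"none", "basic", "intermediate", "advanced"},
}
for kind in ("Activity", "Errors", "Exceptions", "Trace"):
    ENUMS[P + f"security{kind}OutputMode"] = MODES
OTHER = ["loginUserid", "loginPassword", "principalName", "loginTimeout",
         "securityTraceOutput", "bootstrapRepositoryLocation"]
KNOWN = {n.lower(): n for n in list(ENUMS) + [P + o for o in OTHER]}

def parse_props(text):
    """Parse <property>=<value> lines; '#' comment lines are an assumption."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def lint(text):
    """Return sorted (property, finding) tuples for one props file."""
    props, out = parse_props(text), []
    for name, value in props.items():
        canon = KNOWN.get(name.lower())
        if canon and canon != name:  # property names are case sensitive
            out.append((name, f"wrong case, expected {canon}"))
        elif name in ENUMS and value.lower() not in ENUMS[name]:
            out.append((name, f"invalid value {value!r}"))
    timeout = props.get(P + "loginTimeout", "300")  # documented default
    if not (timeout.isdecimal() and int(timeout) <= 600):
        out.append((P + "loginTimeout", "must be 0 to 600 seconds"))
    if props.get(P + "securityEnabled", "true").lower() in ("false", "no"):
        out.append((P + "securityEnabled", "security is disabled"))
    if props.get(P + "loginSource", "prompt").lower() == "properties":
        for need in ("loginUserid", "loginPassword"):
            if not props.get(P + need):
                out.append((P + need, "required when loginSource=properties"))
        if props.get(P + "loginPassword"):
            out.append((P + "loginPassword", "password kept in this file"))
    return sorted(out)
SAMPLE = ("com.ibm.CORBA.authenticationTarget=kerberos\n"  # constructed sample
          "com.ibm.corba.loginTimeout=900\n"
          "com.ibm.CORBA.loginSource=properties\n"
          "com.ibm.CORBA.loginUserid=appuser\n")
```

Calling `lint(SAMPLE)` reports the unknown authentication target, the missing loginPassword, and the mis-cased loginTimeout name; because the linter looks up only the exact-case name, the out-of-range 900 on that line is not checked as a timeout.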