Local operating system registries

With the registry implementation for the local operating system, the WebSphere® Application Server authentication mechanism can use the user accounts database of the local operating system.

A local operating system registry is a centralized registry within a sysplex.

WebSphere Application Server uses the System Authorization Facility (SAF) interfaces. SAF interfaces are defined by MVS™ to enable applications to use system authorization services or registries to control access to resources such as data sets and MVS commands. SAF allows security authorization requests to be processed directly through the Resource Access Control Facility (RACF®) or a third party z/OS® security provider. You must provide a mapping from a user registry identity to a SAF user ID unless you select local operating system as the user registry. For more information, see Custom System Authorization Facility mapping modules.

Web client certificate authentication is supported when using the local operating system user registry. Digital certificates can be mapped to MVS identities by both Web and Java™ clients when you select Local OS. A certificate name filter can be used to simplify the mapping. If you are using RACF as the security server, the RACDCERT MAP command creates a resource profile that maps multiple user identities to a digital certificate to simplify administration of certificates, conserve storage space in the RACF database, maintain accountability, or maintain access control granularity.
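The certificate name filter mapping described above could be set up with RACF TSO commands like the following. This is an added example, not part of the original IBM page; the user ID WEBUSR1, the distinguished-name values and the label are constructed placeholders.

```tso
/* Added example: WEBUSR1, the DN values and the label are constructed. */

/* Associate certificates whose subject distinguished name matches the  */
/* filter with the MVS user ID WEBUSR1. No data set name is given, so   */
/* the filter value is supplied directly with SDNFILTER.                */
RACDCERT ID(WEBUSR1) MAP -
  SDNFILTER('OU=Web Clients.O=Example Corp.C=US') -
  WITHLABEL('Example web clients') TRUST

/* Name filter mappings are held in the DIGTNMAP class, which must be   */
/* active and RACLISTed before the mapping is used.                     */
SETROPTS CLASSACT(DIGTNMAP) RACLIST(DIGTNMAP)

/* After any later change to a mapping, refresh the in-storage copy.    */
SETROPTS RACLIST(DIGTNMAP) REFRESH

/* List the mappings held for the user ID, for review or audit.         */
RACDCERT ID(WEBUSR1) LISTMAP
```

Keep the filter as specific as the deployment allows: any certificate from a trusted issuer that matches the filter authenticates as the mapped user ID.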

Using system user registries

The following notes apply when you use system user registries:



Subtopics
Password sensitivity using a local operating system registry
Password case sensitivity using a local operating system registry
Related tasks
Selecting a registry or repository

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=cseclocalos
File name: csec_localos.html