Local operating system registries

With the registry implementation for the local operating system, the WebSphere® Application Server authentication mechanism can use the user accounts database of the local operating system.

New feature New feature: This topic references one or more of the application server log files. Beginning in WebSphere Application Server Version 8.0 you can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using SystemOut.log , SystemErr.log, trace.log, and activity.log files or native z/OS logging facilities. If you are using HPEL, you can access all of your log and trace information using the LogViewer command-line tool from your server profile bin directory. See the information about using HPEL to troubleshoot applications for more information on using HPEL.newfeat

A local operating system registry is a centralized registry within a sysplex.

WebSphere Application Server uses the System Authorization Facility (SAF) interfaces. SAF interfaces are defined by MVS to enable applications to use system authorization services or registries to control access to resources such as data sets and MVS commands. SAF allows security authorization requests to be processed directly through the Resource Access Control Facility (RACF®) or a third party z/OS® security provider. You must provide a mapping from a user registry identity to a SAF user ID unless you select local operating system as the user registry. For more information, see Custom System Authorization Facility mapping modules.

Web client certificate authentication is supported when using the local operating system user registry. Digital certificates can be mapped to MVS identities by both web and Java clients when you select Local OS. A certificate name filter can be used to simplify the mapping. If you are using RACF as the security server, the RACDCERT MAP command creates a resource profile that maps multiple user identities to a digital certificate to simplify administration of certificates, conserve storage space in the RACF database, maintain accountability, or maintain access control granularity.

Using system user registries

The following notes apply when you use system user registries:



Subtopics
Password sensitivity using a local operating system registry
Password case sensitivity using a local operating system registry
Related tasks
Selecting a registry or repository
Related reference
Simple WebSphere authentication mechanism (deprecated)
Concept topic Concept topic    

Terms of Use | Feedback

Last updatedLast updated: Sep 19, 2011 3:08:41 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-zos&topic=cseclocalos
File name: csec_localos.html