Setting up Kerberos as the authentication mechanism for WebSphere Application Server

You must perform the steps to set up Kerberos as the authentication mechanism for WebSphere® Application Server.

About this task

Note: Kerberos authentication mechanism on the server side must be done by the system administrator and on the Java client side by end users. The Kerberos keytab file must to be protected.

You must first ensure that the KDC is configured. For more information, see your Kerberos Administrator and User's guide.

Avoid trouble Avoid trouble: When configuring the envar file for a z/OS® KDC, order the encryption types from most secure to least secure for the SKDC_TKT_ENCTYPES environment variable. The z/OS KDC prefers to use the encryption types that are first in the list, from left to right.gotcha

You must perform the following steps to set up Kerberos as the authentication mechanism for WebSphere Application Server.

Procedure

  1. Create a Kerberos service principal name and keytab file
  2. Create a Kerberos configuration file
  3. Configure Kerberos as the authentication mechanism for WebSphere Application Server by using the administrative console
  4. Map a client Kerberos principal name to the WebSphere user registry ID
  5. Set up Kerberos as the authentication mechanism for the pure Java client (optional)
Task topic    

Terms and conditions for information centers | Feedback

Last updated: April 17, 2014 10:32 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-express-iseries&topic=tsec_kerb_setup
File name: tsec_kerb_setup.html