You must perform the steps to set up Kerberos as the authentication mechanism for WebSphere® Application Server.
You must first ensure that the KDC is configured. For more information, see your Kerberos Administrator and User's guide.
To configure a KDC on z/OS®, you must activate the APPL class in RACF®. This action has the effect
of enabling the APPL class profile that is defined for WebSphere and might restrict the ability
of authenticated users to access applications that run on WebSphere. If your security
configuration is using an SAF profile prefix, the profile name is
the SAF profile prefix. Otherwise, the profile name is CBS390. To
control whether the APPL profile is checked for WebSphere authorization, you can configure
the checkbox that is labeled "Use APPL profile to restrict access
to the server" on the SAF authorization panel in the administrative console.
This setting can be configured at a WebSphere security domain level.
You must perform the following steps to set up Kerberos as the authentication mechanism for WebSphere Application Server.