Map a client Kerberos principal name to the WebSphere user registry ID

Before you begin

Configure Kerberos as the authentication mechanism for WebSphere Application Server by using the administrative console

About this task

Step 4 towards the goal: Setting up Kerberos as the authentication mechanism for WebSphere Application Server

Procedure

You can map the Kerberos client principal name to the WebSphere user registry ID for both Simple and Protected GSS-API Negotiation (SPNEGO) web authentication and Kerberos authentication. Read the Mapping of a client Kerberos principal name to the WebSphere user registry ID article for more information.

[z/OS] You can optionally map a Kerberos principal to a System Authorization Facility (SAF) identity on z/OS®.

[z/OS] If you choose the Use the KERB segment of an SAF user profile radio button on the Kerberos panel of the WebSphere Application Server administrative console, you must have your Local OS users that are mapped to a specific Kerberos principal. Read Mapping a Kerberos principal to a System Authorization Facility (SAF) identity on z/OS for more information.

What to do next

Set up Kerberos as the authentication mechanism for the pure Java client (optional)
Task topic    

Terms and conditions for information centers | Feedback

Last updated: April 20, 2014 08:46 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=tsec_kerb_setup_step4
File name: tsec_kerb_setup_step4.html