You can optionally
map a Kerberos principal to a System Authorization Facility (SAF)
identity on z/OS®.
If you choose the Use the KERB segment of an SAF user profile
radio
button on the Kerberos panel of the WebSphere Application Server administrative
console, you must have your Local OS users that are mapped to a specific
Kerberos principal. Read Mapping a Kerberos principal to a System Authorization Facility (SAF) identity on z/OS for
more information.