WsSecCheck 1.0
Copyright (c) 2003 International Business Machines Corporation
Author: Steve Eaton, steaton@us.ibm.com

Contents:
1.0 Overview
2.0 Prerequisites
3.0 Installation
    3.1 Windows
    3.2 Unix
4.0 Execution
5.0 Examples

===============================================================================

1.0 Overview

WsSecCheck provides a limited command-line, read-only view into WebSphere
security IDs. It is similar in concept to the LDAPSEARCH utility provided
with LDAP clients. A user ID and password defined in WebSphere's user
registry is required to use this tool.

2.0 Prerequisites

WebSphere 5.0 or later

3.0 Installation

3.1 Windows

WsSecCheck.zip should be unzipped into the base install directory (such as
c:\WebSphere\AppServer or c:\WebSphere\ND). Once installed it can be used to
probe security settings on other WebSphere 5.0 machines on the network (with
the use of a sufficient WebSphere ID and password).

3.2 Unix

WsSecCheck.zip should be unzipped into the base install directory (such as
/opt/WebSphere/AppServer or /opt/WebSphere/ND). Use the -a option when
unzipping to avoid problems with Windows end-of-line characters being placed
in the properties file and launch script. Once installed it can be used to
probe security settings on other WebSphere 5.0 machines on the network (with
the use of a sufficient WebSphere ID and password).

4.0 Execution

Windows: go to WebSphere's bin directory and type
    wsseccheck

Unix: go to WebSphere's bin directory and type
    WsSecCheck.sh
or
    ./WsSecCheck.sh

5.0 Examples

Display the realm:
    realm

Display the first 100 users (or all, if fewer than 100):
    getUsers * 100

List up to 50 users ending with "Smith":
    getUsers *Smith 50

Verify that there is a group "Managers":
    getGroups Managers 1

Get the access ID for user Aboulfadl:
    getAI u "Aboulfadl"

Get the access ID for users in OS group Human Resources:
    getAI g "Human Resources"

Get the access ID for users in LDAP group Human Resources:
    getAI g "cn=Human Resources,ou=AGroupName,o=OrgName,c=Country"

Verify that there is a user Aboulfadl with password Nabile:
    checkPwd "Aboulfadl" Nabile

As a system command, list the resources available to user Aboulfadl and
redirect the output to a file:
    WsSecCheck root rootPassword WsSecCheck.properties "getACs u \"Aboulfadl\"" > aboulAcs.txt

Get a dump of the JAAS configuration, whatever that is:
    getJAAS