Before you begin
For security purposes, the WebSphere Application Server provides and supports the implementation for Windows operating system registries, AIX, Solaris and multiple versions of Linux operating systems. The respective operating system application programming interface (API) are called by the product processes (servers) for authenticating a user and other security-related tasks (for example, getting user or group information). Access to these APIs are restricted to users who have special privileges. These privileges depend on the operating system and are described below.
Before configuring the Local OS user registry you need to know the user name (ID) and password to use. This user can be any valid user in the user registry. This user is referred to as either a product security server ID, a server ID, or a server user ID in the documentation. Having a server ID means that a user has special privileges when calling protected internal methods. Normally, this ID and password are used to log into the administrative console after security is turned on. You can use other users to log in if those users are part of the administrative roles. When security is enabled, this server ID and password are authenticated with the user registry during product startup. If authentication fails, the server does not come up. So it is important to choose an ID and password that do not expire or change often. If the product server user ID or password need to change in the user registry, ensure that the changes are performed when all the product servers are up and running. After the changes are completed in the user registry, use the following steps to change the ID and the password information. Save, stop, and restart all the servers so that the product can use the new ID or password. If any problem arises after starting the product because of authentication problems that cannot be fixed, disable security before the server can start up. To avoid this step, make sure that the changes are validated in the Global Security panel. After the server is up, change the ID and password information and enable security.
Why and when to perform this task
The following steps are needed to perform this task initially when setting up security for the first time.
Steps for this task
The administrative console does not validate the user ID and password when you click OK. Validation is only done when you click OK or Apply in the Global Security panel. If you are enabling security for the first time, complete the other steps and navigate to the Global Security panel. Make sure that Local OS is selected as the active user registry. If security was already enabled and you had changed either the user or the password information in this panel, make sure to go to the Global Security panel and click OK or Apply to validate your changes. If your changes are not validated, the server might not start.
Result
For any changes in this panel to be effective, you need to save, stop, and start all the product servers, including deployment managers, nodes and application servers. If the server comes up without any problems, the setup is correct.
After completed these steps, you have configured WebSphere Application Server to use the local OS user registry to identify authorized users.
What to do next
Complete any remaining steps for enabling security. For more information, see Enabling security for all application servers.
Related concepts
Lightweight Directory Access Protocol user
registries
Custom user registries
Related tasks
Enabling security for all application servers
Authorizing access to administrator roles
Selecting a user registry