Use these steps to configure local operating system registries.
For detailed information about using the local operating system user registry, see Local operating system registries. As installed, security is disabled for WebSphere Application Server. These steps set up security based on the local operating system user registry on which WebSphere Application Server is installed.
In WebSphere Application Server V6.1, you can use an internally-generated server ID because the Security WebSphere Common Configuration Model (WCCM) model contains a new tag, internalServerId. You do not need to specify a server user ID and a password during security configuration except in a mixed-cell environment. See Administrative roles and naming service authorization for more detailed information about the new internal server ID.
The following steps are needed to perform this task initially when setting up security for the first time.
The Primary administrative user name specifies the user profile to use when the server authenticates to the underlying operating system. This identity is also the user that has initial authority to access the administrative application through the administrative console. The administrative user ID is common to all user registries. The administrative ID is a member of the chosen registry and it has special privileges in WebSphere Application Server. However, it does not have any special privileges in the registry that it represents. In other words, you can select any valid user ID in the registry to use as the administrative user ID or server user ID. For the Primary administrative user name field, you can specify any user profile that meets this criteria:
A group profile is assigned a unique group ID number, which is not assigned to a regular user profile. Run the DSPUSRPRF Display User Profile command to determine if the user profile you want to use as the Primary administrative user name has a defined group ID number. If the Group ID field is set to *NONE, you can use the user profile as the Primary administrative user name.
The administrative console does not validate the user ID and password when you click OK. Validation is only done when you click OK or Apply in the Secure administration, applications, and infrastructure panel. First, make sure that you select Local operating system as the available realm definition in the User account repository section, and click Set as current. If security was already enabled and you had changed either the user or the password information in this panel, make sure to go to the Secure administration, applications, and infrastructure panel and click OK or Apply to validate your changes. If your changes are not validated, the server might not start.
Until you authorize other users to perform administrative functions, you can only access the administrative console with the server user ID and password that you specified. For more information, see Authorizing access to administrative roles.
For any changes in this panel to be effective, you need to save, stop, and start all the product servers, including deployment managers, nodes and application servers. If the server comes up without any problems, the setup is correct.
After completed these steps, you have configured WebSphere Application Server to use the local operating system registry to identify authorized users.
Complete any remaining steps for enabling security. For more
information, see Enabling security.