Enable and disabling security using scripting

You can use scripting to enable or disable administrative security. Before starting this task, the wsadmin tool must be running. See the Starting the wsadmin scripting client article for more information.

Overview

The default profile sets up procedures so that you can enable and disable administrative security based on LocalOS registry.

Procedure

• To determine if application security is enabled or disabled by looking at the value of the appEnabled field in the WCCM security model, use the isAppEnabled command...

  Using Jacl:

  $AdminTask isAppSecurityEnabled {}

  Using Jython:

  AdminTask.isAppSecurityEnabled()

  This command returns a value of true if appEnabled is set to true. Otherwise, returns a value of false.

• To determine if administrative security is enabled or disabled by looking at the value of the enabled field in the WCCM security model, use the isGlobalSecurityEnabled command...

  Using Jacl:

  $AdminTask isGlobalSecurityEnabled{}

  Using Jython:

  AdminTask.isGlobalSecurityEnabled()

  Returns a value of true if enabled is set to true. Otherwise, returns a value of false.

• To set administrative security based on the passed in value, use the setGlobalSecurity command. For example:

  Using Jacl:

  $AdminTask setGlobalSecurity {-enabled true}

  Using Jython:

  AdminTask.setGlobalSecurity ('[-enabled true]')

  Returns a value of true if the enabled field in the WCCM security model is successfully updated. Otherwise, returns a value of false.

• You can use the help command to find out the arguments that you need to provide with this call...

  Using Jacl:

  securityon help

  Example output:

  Syntax: securityon user password 

  • Using Jython:

    securityon()

    Example output:

    Syntax: securityon(user, password)

• To enable administrative security based on the LocalOS registry, use the following procedure call and arguments:

  Using Jacl:

  securityon user1 password1

  • Using Jython:

    securityon('user1', 'password1')

• To disable administrative security based on the LocalOS registry, use the following procedure call:

  Using Jacl:

  securityoff

  • Using Jython:

    securityoff()

  Enabling and disabling LTPA authentication There are sample scripts located in the <WAS_ROOT>/bin directory on how to enable and disable LTPA authentication. The scripts are:

  • LTPA_LDAPSecurityProcs.py (python script)

  • LTPA_LDAPSecurityProcs.jacl (jacl script)

  Note: The scripts hard code the type of LDAP server and base distinguished name (baseDN). The LDAP server type is hardcoded as IBM_DIRECTORY_SERVER and the baseDN is hardcoded as o=ibm,cn=us.