Set security with scripting
Configure security with scripting and wsadmin.
Before starting this task, wsadmin must be running. Read about Start wsadmin article for more information.
If we enable security for an appserver cell, supply authentication information to communicate with servers. The sas.client.props and the soap.client.props files are located in the following properties directory for each appserver profile:
- The nature of the properties file updates required for running in secure mode depend on whether you connect with a Remote Method Invocation (RMI) connector, a JSR160RMI connector, an IPC or a SOAP connector:
- If we use a Remote Method Invocation (RMI) connector or a JSR160RMI connector, set the following properties in sas.client.props with the appropriate values:com.ibm.CORBA.loginUserid= com.ibm.CORBA.loginPassword=Also, set the following property:com.ibm.CORBA.loginSource=propertiesThe default value for this property is prompt in sas.client.props. If we leave the default value, then a dialog box is displayed with a password prompt. If the script is running unattended, then the system stops.
- If we use a SOAP connector, set the following properties in the soap.client.props file with the appropriate values:com.ibm.SOAP.securityEnabled=true com.ibm.SOAP.loginUserid= com.ibm.SOAP.loginPassword=Optionally, set the following property:com.ibm.SOAP.loginSource=noneThe default value for this property is prompt in the soap.client.props file. If we leave the default value, a dialog box is displayed with a password prompt. If the script is running unattended, then the system stops.
- If we use an IPC connector, set the following properties in the ipc.client.props file with the appropriate values:com.ibm.IPC.loginUserid= com.ibm.IPC.loginPassword=Optionally, set the following property:com.ibm.IPC.loginSource=promptThe default value for this property is prompt in the soap.client.props file. If we leave the default value, a dialog box appears with a password prompt. If the script is running unattended, it appears to hang.
- Specify user and password information. Choose one of the following methods:
- Specify user name and password on a command line, using the -user and -password commands, as the following examples demonstrate:wsadmin -conntype JSR160RMI -port 2809 -user u1 -password secret1
- Specify user name and password in sas.client.props for an RMI connector, the ipc.client.props file for the IPC connector, or the soap.client.props file for a SOAP connector.
If we specify user and password information on a command line and in sas.client.props or the soap.client.props file, the command line information overrides the information in the props file.
[AIX] [HP-UX] [Linux] [Solaris]
The use of -password option may result in security exposure as the password information becomes visible to the system status program such as ps command which can be invoked by other user to display all the running processes. Do not use this option if security exposure is a concern. Instead, specify user and password information in the soap.client.props file for the SOAP connector, sas.client.props for the JSR160RMI connector or the Remote Method Invocation (RMI) connector, or the ipc.client.props file for the IPC connector. The soap.client.props, sas.client.props, and ipc.client.props files are located in the properties directory of the profile.
Enable and disable security using scripting
Enable and disable Java 2 security using scripting
Set multiple security domains using scripting
Set the JACC provider for TAM using the wsadmin utility
Secure communications using wsadmin
Enable authentication in the file transfer service using scripting
Propagating security policy of installed applications to a JACC provider using wsadmin scripting
Set custom adapters for federated repositories using wsadmin
Disable embedded TAM client using wsadmin
Set security auditing using scripting
SpnegoTAICommands group for AdminTask (deprecated)
The Kerberos configuration file
SPNEGO Web authentication configuration commands
SPNEGO Web authentication filter commands
Kerberos authentication commands
LTPA_LDAPSecurityOn and LTPA_LDAPSecurityOff command usage
Use scripting (wsadmin)
Getting started with scripting