Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select an authentication mechanism


 Setting up Kerberos as the authentication mechanism for WAS

We must perform steps in this article in order to set up Kerberos as the authentication mechanism for WAS. JAX-WS

Kerberos authentication mechanism on the server side must be done by the system administrator and on the Java client side by end users. The Kerberos keytab file must to be protected.

We must first ensure that the KDC is configured. See your Kerberos Administrator and User's guide for more information.

Avoid trouble: When configuring the envar file for a z/OS KDC, order the encryption types from most secure to least secure for the SKDC_TKT_ENCTYPES environment variable. The z/OS KDC prefers to use the encryption types that are first in the list, from left to right.

We must perform the following steps in order to set up Kerberos as the authentication mechanism for WAS.


Procedure

  1. Create a Kerberos service principal name and keytab file

  2. Create a Kerberos configuration file

  3. Configure Kerberos as the authentication mechanism for WebSphere Application Sever

  4. Map a client Kerberos principal name to the WebSphere user registry ID

  5. Set up Kerberos as the authentication mechanism for the pure Java client (optional)





Related tasks

Create a Kerberos service principal name and keytab file
Create a Kerberos configuration file
Configure Kerberos as the authentication mechanism
Map of a client Kerberos principal name to the WebSphere user registry ID
Configure a Java client for Kerberos authentication
Authenticate users
Configure CSIV2 inbound and outbound communication settings
Configure SPNEGO web authentication

Related reference

Kerberos authentication commands
SPNEGO web authentication configuration commands
Use the ktab command to manage the Kerberos keytab file
Kerberos: The Network Authentication Protocol









+

Search Tips   |   Advanced Search