Setting up Kerberos as the authentication mechanism for WebSphere Application Server
You must perform the steps to set up Kerberos as the authentication mechanism for WebSphere® Application Server.
About this task
Note: Kerberos authentication mechanism on the server side must be done by the system administrator
and on the Java™ client side by end users. The Kerberos keytab
file must to be protected.
You must first ensure that the KDC is configured. For more information, see your Kerberos Administrator and User's guide.
Avoid trouble: When configuring the envar file
for a z/OS® KDC, order the encryption types from most secure
to least secure for the SKDC_TKT_ENCTYPES environment variable. The z/OS KDC prefers to use the encryption types that are first in the list, from
left to right.
You must perform the following steps to set up Kerberos as the authentication mechanism for WebSphere Application Server.