You can use scripting to enable or disable application security, global security,
administrative security based on the LocalOS registry, and authentication mechanisms.
Before you begin
Before starting this task, the wsadmin tool must be running. See the Starting the wsadmin
scripting client topic for more information.
About this task
The default profile sets up AdminTask
procedures so that you can enable and
disable administrative security based on LocalOS registry.
Procedure
-
Use the isAppSecurityEnabled command to determine if application security is
enabled or disabled, as the following example demonstrates:
-
Using Jacl:
$AdminTask isAppSecurityEnabled {}
-
Using Jython:
AdminTask.isAppSecurityEnabled()
This command returns a value of true
if application security is
enabled. Otherwise, returns a value of false
.
-
Use the isGlobalSecurityEnabled command to determine if administrative
security is enabled or disabled, as the following example demonstrates:
-
Using Jacl:
$AdminTask isGlobalSecurityEnabled{}
-
Using Jython:
AdminTask.isGlobalSecurityEnabled()
Returns a value of true
if admin security is enabled. Otherwise,
returns a value of false
.
-
Use the setGlobalSecurity command to set administrative security based on
the passed in value, as the following example demonstrates:
-
Using Jacl:
$AdminTask setGlobalSecurity {-enabled true}
-
Using Jython:
AdminTask.setGlobalSecurity ('[-enabled true]')
Returns a value of true
if the enabled
field in the
WCCM security model is successfully updated. Otherwise, returns a value of
false
.
-
Use the help command to find out the arguments that you need to provide with
this call, as the following example demonstrates:
-
Using Jacl:
Example output:
Syntax: securityon user password
-
Using Jython:
securityon()
Example output:
Syntax: securityon(user, password)
-
Enable administrative security based on the LocalOS registry, as the following example
demonstrates:
-
Using Jacl:
securityon user1 password1
-
Using Jython:
securityon('user1', 'password1')
-
Disable administrative security based on the LocalOS registry, as the following example
demonstrates:
-
Using Jacl:
-
Using Jython:
securityoff()
-
Enable and disable LTPA and Kerberos authentication.
Use the
setActiveAuthMechanism command to set Kerberos as the authentication
mechanism in the security configuration, as the following example
demonstrates:
AdminTask.setActiveAuthMechanism('-authMechanismType KRB5')
Use the setActiveAuthMechanism command to set LTPA as the authentication mechanism in the
security configuration, as the following example
demonstrates:
AdminTask.setActiveAuthMechanism('-authMechanismType LTPA')
Additionally, there are sample scripts located in the
app_server_root/bin directory on how to enable and disable
LTPA authentication. The scripts are:
- LTPA_LDAPSecurityProcs.py (python script)
- LTPA_LDAPSecurityProcs.jacl (jacl script)
Note: The scripts hard code the type of LDAP server and base distinguished name (baseDN). The
LDAP server type is hardcoded as IBM_DIRECTORY_SERVER
and the baseDN is hardcoded
as o=ibm,cn=us
.