Setting up Kerberos as the authentication mechanism for WebSphere Application Server
You must perform the steps to set up Kerberos as the authentication mechanism for WebSphere® Application Server.
About this task
You must first ensure that the KDC is configured. For more information, see your Kerberos Administrator and User's guide.
To configure a KDC on z/OS®, you must activate the APPL class in RACF®. This action has the effect of enabling the APPL class profile that is defined for WebSphere and might restrict the ability of authenticated users to access applications that run on WebSphere. If your security configuration is using an SAF profile prefix, the profile name is the SAF profile prefix. Otherwise, the profile name is CBS390. To control whether the APPL profile is checked for WebSphere authorization, you can configure the checkbox that is labeled Use APPL profile to restrict access to the server on the SAF authorization panel in the administrative console. This setting can be configured at a WebSphere security domain level.
You must perform the following steps to set up Kerberos as the authentication mechanism for WebSphere Application Server.