This is 4th part in this series.
The following is a link to IBM developerWorks article which covers many FAQs on security.
List of Questions
- When does WebSphere Application Server contact the registry for user
- Does WebSphere Application Server work with NIS?
- What are my options if I want to turn on security with a non-administrator account in a Windows environment?
- What are my options if I want to turn on security with a non-root server ID in a UNIX environment?
- Will Local OS authentication work in a distributed environment?
- My users authenticate with one userid but I want them to be identified with another ID from LDAP. Is that possible?
- When using a federated repository, is there a way to ensure that my file-based registry will continue to function when a LDAP server is down?
- Why do I need to enable SSO when using form-based login in my WebSphere Application Server application?
- I want to force my users to login again after a set “inactivity timeout” period. How is WebSphere Application Server supposed to work with regard to session timeouts and LTPA timeouts?
- Is there anything I can do to prevent my LTPA keys from becoming out of sync between my cells?
- Can a WebSphere Application Server cell span multiple DNS domains?
- Why is SWAM usage discouraged?
- When should I use a custom login module versus a TAI to assert identity information?
- How do I change my passwords (database, LDAP, and so on) without causing an outage?
- What WebSphere Application Server proprietary extensions provide for J2EE security?
- Does WebSphere Application Server support CA Siteminder?
- WebSphere Application Server stores passwords XOR encoded. I’d like to use something stronger. What can I do?
- How can I debug the Java 2 security exceptions and AccessControlExceptions?
- Is there any documentation available on how best to configure Microsoft Active Directory with WebSphere Application Server?
Link to document