Use this information to configure DIGEST-MD5 authentication on
the Directory Server.
DIGEST-MD5 is an SASL authentication mechanism. When a client uses
DIGEST-MD5, the password is not transmitted in clear text and the protocol
prevents replay attacks. The Web administration tool is used to configure
DIGEST-MD5.
- Under Server administration, expand the Manage
security properties category in the navigation area and select
the DIGEST-MD5 tab.
Note: To change server
configuration settings using the tasks in the Server administration category
of the Web Administration tool, you must authenticate to the server as an IBM® i user profile that has *ALLOBJ
and IOSYSCFG special authorities. This can be done by authenticating as a
projected user with the password for that profile. To bind as a projected
user from the Web administration tool, enter a username of the form os400-profile=MYUSERNAME,cn=accounts,os400-sys=MYSYSTEM.COM
,
where MYUSERNAME and the MYSYSTEM.COM strings are replaced with your user
profile name and the configured system projection suffix, respectively.
- Under Server realm, use the preselected Default setting,
which is the fully qualified host name of the server, or you can click Realm and
type the name of the realm that you want to configure the server as.
This realm name is used by the client to determine which user name and
password to use. When using replication, you want to have all the servers
configured with the same realm.
- Under Username attribute, use the preselected Default setting,
which is uid, or you can click Attribute and type the
name of the attribute that you want the server to use to uniquely identify
the user entry during DIGEST-MD5 SASL binds.
- If you are logged in as the directory administrator, under Administrator
username, type the administrator username.
This field
cannot be edited by members of the administrative group. If the username specified
on a DIGEST-MD5 SASL bind matches this string, the user is the administrator.
Note: The
administrator username is case-sensitive.
- When you are finished, click OK.