Package and deployment build authentication
You can select the authentication type to use for package and deployment builds. The default is user ID and password authentication, but you can select other types of authentication instead.
Package and deployment build engines run on System z® or IBM® i.
You can configure authentication for Rational® Build Agent build engines that
are used for package and deployment builds running with WebSphere
Application Server version 8.5 or higher. You set the authentication
method for package and deployment builds by setting properties and
values in one or more of the following places:
- Startbfa.sh script - see the comments in the script for configuration information.
- Properties table of the build engine.
- Properties table of the package definition or invocation dialog.
- Properties table of the deployment definition or invocation dialog.
JAZZ_AUTH_METHOD
property to one of
the following values:USERNAME_PASSWORD_POLICY
CERTIFICATE_FILE_POLICY
KERBEROS_POLICY
JAZZ_AUTH_METHOD
property,
you must provide additional information:USERNAME_PASSWORD_POLICY
- Specify the
JAZZ_USER
and theJAZZ_PASSWORD_FILE
properties and values to identify the user ID and password used to access the build engine.USERNAME_PASSWORD_POLICY
is the default authentication method used for dependency builds. CERTIFICATE_FILE_POLICY
- Specify the
JAZZ_CERTIFICATE_FILE
and theJAZZ_PASSWORD_FILE
properties and values to identify the location of the certificate file and the password that accesses the build engine. KERBEROS_POLICY
- Specify the
JAZZ_USER
and theJAZZ_PASSWORD_FILE
properties and values to identify the user ID and password that must be used to access the build engine. You can set these values in either the script that starts the build engine or as a properties in the build definition itself.Note: In addition, you must set the following standard system properties in the Java VM arguments of the build definition:-Djava.security.krb5.realm
- Use this property to provide the realm (sometimes know as Kerberos domain name) to which you want to connect the client.
-Djava.security.krb5.kdc
- Set this property to the host name of the Key Distribution Center (KDC) or a Microsoft Active Directory server to which you want to connect the client. Optionally, you can include the port if your server does not use the default port.
-Djava.security.krb5.conf
- Instead of setting
-Djava.security.krb5.realm
and-Djava.security.krb5.kdc
, you can provide a path to a krb5.conf file, which can include other configuration properties in addition to these properties.
Important: The values for the properties
you specify must match the values configured for the WebSphere Application
Server. Check with your administrator to determine how the server
is configured.