Sun Java System Web Server 6.1 SP11 Administrator's Guide

Configuring the Native Realm

As with all realms, you can configure the Native realm using the AUTHREALM element within the SECURITY element in server.xml. Example:

<AUTHREALM name="native" 
    <PROPERTY name="auth-db" value="mykeyfile">
    <PROPERTY name="jaas-context" value="nativeRealm">

The auth-db property points to the core authentication database to which the Native realm instance delegates all authentication requests. In this example, an authentication database named “mykeyfile”. This property is optional. If not specified, the core authentication engine will use the default auth-db to process all requests from this Native realm. As in the case of most realms, the jaas-context property is a pointer to the JAAS login context to be used (defined in login.conf).

No other configuration is needed by the Native realm. However, since requests are being delegated to a core authentication database, that particular authentication database must also be property configured. The rest of this section provides an example of configuring a core authentication database.

To configure a core (native) authentication database, in server.xml, the VS element must contain a USERDB element which maps the auth-db name to a database name. For example:

<VS id=""  ....
    <USERDB id="mykeyfile" database="myalt">

Note that if the auth-db property is not given (in which case "default" is used) you could have a USERDB entry mapping id="default" to some database name. If no mapping is present, the mapping is to default.

Next, the file install-root/userdb/dbswitch.conf must contain the configuration for the myalt database. The following example defines myalt to be a file-based authentication database.

directory myalt file
myalt:syntax keyfile
myalt:keyfile /local/ws61/

The above configuration is not specific to the Native realm. Any valid authentication directory configuration can be used as the destination authentication database by the Native realm. This means the Native realm can be configured to delegate to native LDAP authentication databases or even to custom native authentication databases.

Note –

In Sun Java System web Server 6.1, web applications have two distinct mechanisms for using LDAP as the authentication engine: