IBM Security Verify

 View Only
Expand all | Collapse all

How many registries does ISAM have

  • 1.  How many registries does ISAM have

    Posted Sun September 27, 2020 05:34 PM
    Edited by Joao Goncalves Sun September 27, 2020 05:53 PM
    I believe there are at least 3 registries (likely 4) that ISAM is using:
    • Appliance user, like admin. I believe this is defined in /etc/passwd of the appliance, but since I cannot check this, can someone validate it?
      • Used when we ssh to the appliance
      • Since no one can change /etc/passwd, we cannot create additional users of this type.
    • LMI user registry. I believe LMI is based on Websphere Liberty Profile, and it has its own Repository.
      • We can create users in the LMI interface using Manage system Settings -> System Settings -> Account Management
      • We can create new users here and groups with different permissions for ISAM management.
      • I can find the predefined group named isam-tenants.
      • If I change the password of admin in LMI, it affects the password of the Appliance user.
      • If I create a new user in this registry, it will not be recognized in CLI, but it can be used to login to LMI.
    • Local LDAP (or remote)
      • Used by the policy server for authentication and authorization, where we can find sec_master

    Something that I don't understand is where does Secure Access Control -> Global Settings -> User Registry users are defined. Likely a 4th registry.
    • Here I can find admin and easuser users and the adminGroup group. I can create additional users, but I have no clue where they are defined!
    • If I create a new user what is it used for?
    • I can't