Managing federated security

Use the Federated Security page to view and manage users, groups, and security properties for the selected cluster.

Federated security is a security configuration that provides separation between the service that a client accesses and the authentication and authorization procedures for accessing the service.

To manage security for the cluster, select one of the following options from the View list at the top of the page:
Users
You can view and edit the properties of a PowerHA® SystemMirror user, remove a user, and set whether an administrator can change the password for a user. Also, you can create a user in two different ways. You can create a user by configuring all user properties, or you can create a user based on the properties of an existing user.
User groups
You can view and edit the properties of a PowerHA SystemMirror user group, remove a group, and add an existing user to a group. Also, you can create a user group in two different ways. You can create a user group by configuring all user group properties, or you can create a user group based on the properties of an existing group.
Roles
You can view and edit the properties of a PowerHA SystemMirror role, create a role, and remove an existing role.
LDAP management
You can configure a Lightweight Directory Access Protocol (LDAP) server and create a client connection to that server. You then can use LDAP as the registry for cluster users. Also, you can disconnect the cluster from the current LDAP server if you want to change the registry configuration for the cluster.
EFS management
You can configure an optional Encrypted File System (EFS) for the cluster. You also can edit the properties of an existing EFS configuration or remove the EFS configuration for the cluster.

Configuring EFS adds a layer of security by encrypting all user information in the registry. You can configure EFS to encrypt user information for either type of registry. Using EFS also enables users to encrypt their data through the use of credentials in a keystore specific to a user.

For more information about managing federated security, see the Federated security topic in the AIX® Information Center.
