<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="topic" />
<meta name="DC.Title" content="Set up password protection on HTTP Server (powered by Apache)" />
<meta name="abstract" content="This topic provides information about how to set up password protection for resources on your HTTP Server with the IBM Web Administration for i5/OS interface." />
<meta name="description" content="This topic provides information about how to set up password protection for resources on your HTTP Server with the IBM Web Administration for i5/OS interface." />
<meta name="DC.Relation" scheme="URI" content="rzaieparsecurity.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaieconfigpwdprotection" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Set up password protection on HTTP Server (powered by Apache)</title>
</head>
<body id="rzaieconfigpwdprotection"><a name="rzaieconfigpwdprotection"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Set up password protection on HTTP Server (powered by Apache)</h1>
<div><p>This topic provides information about how to set up password protection
for resources on your HTTP Server with the <span>IBM<sup>®</sup> Web Administration for i5/OS™ interface</span>.</p>
<div class="important"><span class="importanttitle">Important:</span> Information
for this topic supports the latest PTF levels for HTTP Server for i5/OS.
It is recommended that you install the latest PTFs to upgrade to the latest
level of the HTTP Server for i5/OS. Some of the topics documented here are
not available prior to this update. See <a href="http://www-03.ibm.com/servers/eserver/iseries/software/http/services/service.html" target="_blank">http://www.ibm.com/servers/eserver/iseries/software/http/services/service.htm</a> <img src="www.gif" alt="Link outside Information Center" /> for more information. </div>
<p>You can protect Web resources by asking the user for a userid and password
to gain access to these resources. Group files can be used to classify users
into groups (for example: users and administrators). This allows you to limit
access to those users that are defined in a group. If the user is listed in
the group, then the userid and password are validated in one of the following
ways: </p>
<ul><li>Internet users in a validation list - This requires you to create a <a href="rzaievalidlist.htm">validation list</a> that contains
Internet users. You can create a validation list and Internet users through
the <span>IBM Web Administration for i5/OS interface</span>. </li>
<li><a href="#rzaieconfigpwdprotection_user">User profiles password protection</a> -
This requires that each user must have a system user profile. </li>
<li><a href="#rzaieconfigpwdprotection_ldap">LDAP password
protection</a> - This requires that you configure an LDAP server with the
user entries. </li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaieparsecurity.htm" title="This topic provides step-by-step tasks for security.">Security tasks</a></div>
</div>
</div><div class="nested1" id="rzaieconfigpwdprotection_group"><a name="rzaieconfigpwdprotection_group"><!-- --></a><h2 class="topictitle2">Group file password protection</h2>
<div><p>The following steps explain how to add password protection (using groups)
to a directory <a href="rzaiecontext.htm">context</a>.</p>
<ol><li>Create a group file with the following format: <p><tt>groupname: user1[,
user2[, user3...]]</tt></p>
<dl><dt class="dlterm">groupname</dt>
<dd>Any name you want to use to identify the group you are defining. This
name can be used on subsequent group definitions within the same server group
file. </dd>
</dl>
<dl><dt class="dlterm">user1[, user2[, user3...]] </dt>
<dd>This can be any combination of user names and group names. Separate each
item with a comma. </dd>
</dl>
<p>For example:</p>
<pre>ducks: webfoot, billface, swandude
geese: goosegg, bagel
flock: ducks, geese</pre>
<p>In the above example, notice that once the
groups named ducks and geese are defined, they can be included as part of
the group named <tt>flock</tt>. </p>
</li>
<li>Click the <strong>Manage</strong> tab. </li>
<li>Click the <span class="uicontrol">HTTP Servers</span> subtab.</li>
<li>Select your HTTP Server (powered by Apache) from the <strong>Server</strong> list.
</li>
<li>Select the <a href="rzaiecontext.htm">context</a> you
want to work with from the <strong>Server area</strong> list. <div class="note"><span class="notetitle">Note:</span> Do not select
Global configuration or Virtual Host. If the Authentication tab cannot be
selected, select a different context to work with from the Server area list. </div>
</li>
<li>Expand <strong>Server Properties</strong>. </li>
<li>Click <strong>Security</strong>. </li>
<li>Click the <strong>Authentication</strong> tab in the form. </li>
<li>Select <strong>Use Internet users in validation list</strong> or <strong>Use OS/400<sup>®</sup> profile
of client</strong> under <strong>User authentication method</strong>. <div class="note"><span class="notetitle">Note:</span> Base your selection
on the incoming traffic your HTTP Server (powered by Apache)
will receive. If incoming traffic is from outside of your local access network,
using Internet users in a validation list would be more beneficial than using i5/OS™ profiles.
If incoming traffic is from a local access network, using i5/OS profiles would
be more beneficial than using Internet users in a validation list. </div>
</li>
<li>Enter an authentication name or realm. The realm name is displayed on
the login prompt. </li>
<li>Add a user authentication method if necessary. </li>
<li>Click <strong>OK</strong>. </li>
</ol>
<p>After configuring authentication, you must configure control access. </p>
<ol><li>Select the same context you worked with previously from the Server area
list. </li>
<li>Expand <strong>Server Properties</strong>. </li>
<li>Click <strong>Security</strong>. </li>
<li>Click the <strong>Control Access</strong> tab in the form. </li>
<li>Select <strong>Specific users and groups</strong>. </li>
<li>Click <strong>Add</strong> under the <strong>User and Group names</strong> table. </li>
<li>Select <strong>Group</strong> from the list in the <strong>Type</strong> column. </li>
<li>Enter the name of the group in the <strong>Name</strong> column. </li>
<li>Enter the path/filename of the group file used above. </li>
<li>Click <strong>OK</strong>. </li>
</ol>
<p>Note that changes to existing group files take effect after the HTTP Server
is restarted. </p>
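<p>Added example, not part of the original IBM topic and not IBM code: a Python parser for the group file format above that expands nested groups such as <tt>flock</tt> into the user names a group-based access rule would admit. The function names are hypothetical, the <tt>admins</tt> and <tt>auditors</tt> lines are constructed sample data, and the code assumes a group name expands only when its definition appears earlier in the file.</p>

```python
# Constructed sample: the page's example plus one forward reference (admins).
SAMPLE = """\
ducks: webfoot, billface, swandude
geese: goosegg, bagel
flock: ducks, geese
admins: auditors, webfoot
auditors: bagel
"""


def parse_group_file(text):
    """Return an ordered list of (groupname, [members]) from group-file text."""
    groups = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        name, sep, members = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"line {lineno}: expected 'groupname: user1, user2'")
        items = [m.strip() for m in members.split(",") if m.strip()]
        groups.append((name.strip(), items))
    return groups


def expand_groups(groups):
    """Resolve nested groups to flat user sets, in file order.

    Assumption: a member expands as a group only if that group was defined
    on an earlier line. Any other member is kept as a user name, and is
    reported as a forward reference if a later line defines it as a group.
    """
    all_names = {name for name, _ in groups}
    resolved, forward_refs = {}, []
    for name, members in groups:
        users = set()
        for member in members:
            if member in resolved:
                users |= resolved[member]      # nested group defined earlier
            else:
                users.add(member)              # treated as a plain user name
                if member in all_names:
                    forward_refs.append((name, member))
        resolved[name] = resolved.get(name, set()) | users
    return resolved, forward_refs
```

<p>Reviewing the expanded membership and any reported forward references before restarting the server shows which user names a <strong>Group</strong> entry on the <strong>Control Access</strong> tab would admit.</p>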
</div>
</div>
<div class="nested1" id="rzaieconfigpwdprotection_user"><a name="rzaieconfigpwdprotection_user"><!-- --></a><h2 class="topictitle2">User profiles password protection</h2>
<div><p>You can protect Web resources by asking the user for a userid and password
to gain access to these resources. An iSeries™ user profile can be used to authenticate
users. </p>
<p>To configure password protection using a user profile, do the following:
</p>
<ol><li>Click the <strong>Manage</strong> tab. </li>
<li>Click the <span class="uicontrol">HTTP Servers</span> subtab.</li>
<li>Select your HTTP Server (powered by Apache) from the <strong>Server</strong> list.
</li>
<li>Select the <a href="rzaiecontext.htm">context</a> you
want to work with from the Server area list. </li>
<li>Expand <strong>Server Properties</strong>. </li>
<li>Click <strong>Security</strong>. </li>
<li>Click the <strong>Authentication</strong> tab in the form. <div class="note"><span class="notetitle">Note:</span> If the Authentication
tab cannot be selected, select a different context to work with from the <strong>Server
area</strong> list.</div>
</li>
<li>Select <strong>Use OS/400 profile of client</strong> under <strong>User authentication
method</strong>. </li>
<li>Enter an authentication name or realm. The realm name is displayed on
the login prompt. </li>
<li>Choose one of the two methods below: <p>Enter a user name in the <strong>OS/400
user profile to process requests</strong> field. </p>
<p>Select a user name under <strong>OS/400
user profile to process requests</strong>. Select <strong>Default server profile</strong> to
allow the HTTP Server profile (QTMHHTTP) to process requests. </p>
</li>
<li>Click <strong>OK</strong>. </li>
</ol>
<p>After configuring authentication, you must configure control access. </p>
<ol><li>Select the same context you worked with previously from the <strong>Server area</strong> list.
</li>
<li>Expand <strong>Server Properties</strong>. </li>
<li>Click <strong>Security</strong>. </li>
<li>Click the <strong>Control Access</strong> tab in the form. </li>
<li>Select <strong>All authenticated users (valid user name and password)</strong> under <strong>Control
access based on who is making requests</strong>. </li>
<li>Click <strong>OK</strong>. </li>
</ol>
</div>
</div>
<div class="nested1" id="rzaieconfigpwdprotection_ldap"><a name="rzaieconfigpwdprotection_ldap"><!-- --></a><h2 class="topictitle2">LDAP password protection</h2>
<div><p>You can protect Web resources by asking the user for a userid and password
(to gain access to these resources). A Lightweight Directory Access Protocol
(LDAP) server can be used to authenticate users. </p>
<p>LDAP is a directory service protocol that runs over TCP/IP, using either non-secure
or Secure Sockets Layer (SSL) connections. The LDAP directory service follows a client/server
model, where one or more LDAP servers contain the directory data. This allows
any LDAP-enabled application to store information once (such as user authentication
information). Other applications using the LDAP server are then able to request
the stored information. The HTTP server (powered by Apache) can act as an LDAP
client, making requests for information. </p>
<p>One of the advantages of using the LDAP server for authentication is that
it allows the information to be shared by multiple LDAP clients, and stores
the information in a platform independent fashion. This can help prevent information
from being duplicated within a network. </p>
<p>The following steps explain how to add password protection (using LDAP)
to a directory <a href="rzaiecontext.htm">context</a>.
</p>
<ol><li>Click the <strong>Manage</strong> tab. </li>
<li>Click the <span class="uicontrol">HTTP Servers</span> subtab.</li>
<li>Select your HTTP Server (powered by Apache) from the <strong>Server</strong> list.
</li>
<li>Select the context you want to work with from the <strong>Server area</strong> list.
</li>
<li>Expand <strong>Server Properties</strong>. </li>
<li>Click <strong>Security</strong>. </li>
<li>Click the <strong>Authentication</strong> tab in the form. <div class="note"><span class="notetitle">Note:</span> If the Authentication
tab cannot be selected, select a different context to work with from the <strong>Server
area</strong> list.</div>
</li>
<li>Select <strong>Use user entries in LDAP server</strong> under <strong>User authentication
method</strong>. </li>
<li>Enter an authentication name or realm. The realm name is displayed on
the login prompt. </li>
<li>Enter an LDAP configuration file. </li>
<li>Enter an LDAP group name or filter. </li>
<li>Click <strong>OK</strong>. </li>
</ol>
<p>After configuring authentication, you must configure control access. </p>
<ol><li>Select the same context you worked with previously from the Server area
list. </li>
<li>Expand <strong>Server Properties</strong>. </li>
<li>Click <strong>Security</strong>. </li>
<li>Click the <strong>Control Access</strong> tab in the form. </li>
<li>Select one of the options for who can access this resource. </li>
<li>Select one of the options for who can access this resource under <strong>Users
and groups who can access this resource</strong>. </li>
<li>Select <strong>Allow access to all, except the following</strong> under <strong>Control
access based on where the request is coming from</strong>. </li>
<li>Enter any domain names or IP addresses you do not want to allow access to.
</li>
<li>Click <strong>OK</strong>. </li>
</ol>
</div>
</div>
</body>
</html>