<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="topic" />
<meta name="DC.Title" content="JKL Toy Company adds password protection for HTTP Server (powered by Apache)" />
<meta name="abstract" content="This scenario discusses how to add password protection." />
<meta name="description" content="This scenario discusses how to add password protection." />
<meta name="DC.Relation" scheme="URI" content="rzaiescenarios.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiejklsecurity" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>JKL Toy Company adds password protection for HTTP Server (powered by
Apache)</title>
</head>
<body id="rzaiejklsecurity"><a name="rzaiejklsecurity"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">JKL Toy Company adds password protection for HTTP Server (powered by
Apache)</h1>
<div><p>This scenario discusses how to add password protection.</p>
<div class="important"><span class="importanttitle">Important:</span> Information
for this topic supports the latest PTF levels for HTTP Server for i5/OS.
It is recommended that you install the latest PTFs to upgrade to the latest
level of the HTTP Server for i5/OS. Some of the topics documented here are
not available prior to this update. See <a href="http://www-03.ibm.com/servers/eserver/iseries/software/http/services/service.html" target="_blank">http://www.ibm.com/servers/eserver/iseries/software/http/services/service.htm</a> <img src="www.gif" alt="Link outside Information Center" /> for more information. </div>
<div class="section"><h4 class="sectiontitle">Scenario</h4><p>The JKL Toy Company (a fictitious company)
wants to protect a set of Web pages on its Web site so that they can only
be viewed by visitors that have a password. In order to add password protection,
JKL needs to decide what type of authentication method to use:</p>
<ul><li>Internet user - requires an entry in a validation list.</li>
<li>User profile - requires an iSeries™ server user profile.</li>
<li>LDAP - requires an LDAP server.</li>
</ul>
<p>JKL Toy Company chooses to use Internet users for the following reasons:</p>
<ul><li>User profiles are not desirable since JKL does not want to create a user
profile for each authenticated visitor to the Web site.</li>
<li>Since JKL only wants to implement authentication on one iSeries, validation
lists will be used. LDAP is a better solution for multiple systems.</li>
</ul>
<p>The Web page content to be protected is in the preexisting directory <strong>/www/jkltest/profiles/</strong>.
Visitors' user names and passwords will be stored in a new validation list
called <strong>users</strong> in library <strong>PROFILES</strong>. The first user name that we
will enter is <strong>sjones</strong> with a password of <strong>dragon102</strong>. </p>
</div>
<div class="section" id="rzaiejklsecurity__prerequisites"><a name="rzaiejklsecurity__prerequisites"><!-- --></a><h4 class="sectiontitle">Prerequisites</h4><ul><li>It is assumed you have read <a href="rzaiescenarios.htm">Scenarios for HTTP Server</a>.</li>
<li>It is assumed you have read and completed <a href="rzaiejklbasic.htm">JKL Toy Company creates an HTTP Server (powered by Apache)</a> or you have an existing HTTP Server (powered by Apache)
configuration.</li>
<li>It is assumed you have read and completed <a href="rzaiejklnewdir.htm">JKL Toy Company adds a new directory to HTTP Server (powered by Apache)</a>.</li>
<li>It is assumed you have access to an iSeries library or the correct authority
to create one.</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Create a library for validation lists on your iSeries</h4><p>Skip
the following steps if you will be using an existing library on your iSeries
for your validation list.</p>
<ol><li>Start a 5250 session on your iSeries.</li>
<li>Enter <strong><tt>CRTLIB</tt></strong> on the command line.</li>
<li>Press the <strong>F4 key</strong> to prompt for additional parameters.</li>
<li>Enter a name for your library in the <strong>Library</strong> field.<p>Example:
PROFILES</p>
</li>
<li><strong>Optional</strong>: Edit the remaining fields as necessary or accept the
default values.</li>
<li>Press the <strong>Enter key</strong> (or equivalent) to create your library.</li>
</ol>
<p>Make sure the proper authorities and restrictions you want on the
library are active before continuing.</p>
</div>
<div class="section"><h4 class="sectiontitle">Start the <span>IBM<sup>®</sup> Web Administration for i5/OS™ interface</span></h4><div class="note"><span class="notetitle">Note:</span> Enter
your <a href="rzaiesetauth.htm">Webmaster user profile username
and password</a> when prompted.</div>
<ol><li>Start a <a href="rzaieinstalling.htm#rzaieinstalling__web">Web
browser</a>.</li>
<li>Enter <strong>http://[iSeries_hostname]:2001</strong> in the location or URL
field.<p>Example: http://jkl_server:2001</p>
<div class="note"><span class="notetitle">Note:</span> If you have <a href="rzaiechangeport.htm">changed your port number for the <span>IBM Web Administration for i5/OS interface</span></a>,
replace port 2001 with your port number.</div>
</li>
<li>Click <strong>IBM HTTP
Server for iSeries</strong>.</li>
</ol>
<div class="note"><span class="notetitle">Note:</span> If the <span>IBM Web Administration for i5/OS interface</span> does
not start, see <a href="rzaieinstalling.htm">Install and test the HTTP Server</a>.</div>
</div>
<div class="section"><h4 class="sectiontitle">Set up password protection for a directory on HTTP Server
(powered by Apache)</h4><ol><li>Click the <strong>Manage</strong> tab.</li>
<li>Click the <strong>HTTP Servers</strong> subtab.</li>
<li>Select your HTTP Server (powered by Apache) from the <strong>Server</strong> list.<p>Example:
JKLTEST</p>
</li>
<li>Select <strong>Directory /www/[server_name]/[new_directory]/</strong> from the <strong>Server
area</strong> list.<p>Example: /www/jkltest/profiles/</p>
<div class="note"><span class="notetitle">Note:</span> The new directory
was created with the <a href="rzaiejklnewdir.htm">JKL Toy Company adds a new directory to HTTP Server (powered by Apache)</a> scenario.</div>
</li>
<li>Expand <strong>Server Properties</strong>.</li>
<li>Click <strong>Security</strong>.</li>
<li>Click the <strong>Authentication</strong> tab in the form.</li>
<li>Select <strong>Use Internet users in validation lists</strong>.</li>
<li>Enter a descriptive name in the <strong>Authentication name or realm</strong> field.<p>Example:
JKL Employee Profiles</p>
<div class="note"><span class="notetitle">Note:</span> When users attempt to access a password protected
resource, they are challenged for a username and password. The <strong>Authentication
name or realm</strong> value is displayed in the login window, and should provide
information regarding the resource the user is attempting to access.</div>
</li>
<li>Click <strong>Add</strong> under the <strong>Validation lists</strong> table.</li>
<li>Enter <strong>[library]/[validation_list_name]</strong>.<p>Example: profiles/users</p>
<div class="note"><span class="notetitle">Note:</span> In
the above example, <strong>profiles</strong> is the name of the iSeries library and <strong>users</strong> is
the name of the validation list.</div>
</li>
<li>Click <strong>Continue</strong>.</li>
<li>Select <strong>Default server profile</strong> from the <strong>OS/400<sup>®</sup> user profile to process requests</strong> list
under <strong>Related information</strong>. When selected, the value <strong>%%SERVER%%</strong> will
be placed in the field.</li>
<li>Click <strong>Apply</strong>.</li>
<li>Click the <strong>Control Access</strong> tab in the form.</li>
<li>Select <strong>All authenticated users (valid user name and password)</strong> under <strong>Control
access based on who is making the requests</strong>.</li>
<li>Click <strong>OK</strong>.</li>
</ol>
</div>
<div class="section"><h4 class="sectiontitle">Create a validation list for HTTP Server (powered by Apache)</h4><ol><li>Click the <strong>Advanced</strong> tab.</li>
<li>Click the <span class="uicontrol">Internet Users and Groups</span> subtab.</li>
<li>Expand <strong>Internet Users and Groups</strong>.</li>
<li>Click <strong>Add Internet User</strong>.</li>
<li>Enter <strong>[username]</strong> into the <strong>User name</strong> field.<p>Example: sjones</p>
</li>
<li>Enter <strong>[password]</strong> into the <strong>Password</strong> field.<p>Example: dragon102</p>
</li>
<li>Enter the same password in the <strong>Confirm password</strong> field.</li>
<li><strong>Optional</strong>: Enter comments for this Internet user.</li>
<li>Enter <strong>[library]/[validation_list_name]</strong> in the <strong>Validation list</strong> field.<p>Example:
profiles/users</p>
<div class="note"><span class="notetitle">Note:</span> In the above example, <strong>profiles</strong> is the name
of the library and <strong>users</strong> is the name of the validation list.</div>
</li>
<li>Click <strong>Apply</strong>.</li>
</ol>
</div>
<div class="section"><h4 class="sectiontitle">Restart your HTTP Server (powered by Apache)</h4><p>Select
one of the following methods:</p>
<p><strong>Manage one server</strong></p>
<ol><li>Click the <strong>Manage</strong> tab.</li>
<li>Click the <strong>HTTP Servers</strong> subtab.</li>
<li>Select your HTTP Server from the Server list.</li>
<li>Click the <strong>Stop</strong> icon if the server is running.</li>
<li>Click the <strong>Start</strong> icon.</li>
</ol>
<p><strong>Manage all servers</strong></p>
<ol><li>Click the <strong>Manage</strong> tab.</li>
<li>Click the <strong>HTTP Servers</strong> subtab.</li>
<li>Select <strong>All Servers</strong> from the Server list.</li>
<li>Click the <span class="uicontrol">All HTTP Servers</span> tab.</li>
<li>Select your HTTP Server name in the table.<p>Example: JKLTEST</p>
</li>
<li>Click <strong>Stop</strong> if the server is running.</li>
<li>Click <strong>Start</strong>.</li>
</ol>
<div class="note"><span class="notetitle">Note:</span> If your HTTP Server (powered by Apache) does not start, see <a href="rzaietrouble.htm">Troubleshoot</a>.</div>
</div>
<div class="section"><h4 class="sectiontitle">Test your HTTP Server (powered by Apache)</h4><ol><li>Open a new Web browser.</li>
<li>Enter <strong>http://[iSeries_hostname]:[port]/[new_directory_alias]/</strong> in
the location or URL field.<p>Example: http://jkl_server:1975/profiles/</p>
</li>
<li>Enter the username and password you created.</li>
</ol>
<p>You will be asked to provide a valid username and password. Enter
the username and password you entered in the validation list. It is suggested
that you limit *PUBLIC authority, but allow authority for the Web administrator
user and QTMHHTTP.</p>
</div>
<div class="section"><h4 class="sectiontitle">View your HTTP Server (powered by Apache)
configuration</h4><p>Your configuration will look similar to the configuration
below if you used the examples given in this and previous scenarios.</p>
<ol><li>Click the <strong>Manage</strong> tab.</li>
<li>Click the <strong>HTTP Servers</strong> subtab.</li>
<li>Select your HTTP Server (powered by Apache) from the <strong>Server</strong> list.<p>Example:
JKLTEST</p>
</li>
<li>Expand <strong>Tools</strong>.</li>
<li>Click <strong>Display Configuration File</strong>.</li>
</ol>
</div>
<div class="section"><pre>Alias /profiles/ /www/jkltest/profiles/
Listen *:1975
DocumentRoot /www/jkltest/htdocs
ServerRoot /www/jkltest
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews
LogFormat "%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Cookie}n \"%r\" %t" cookie
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -&gt; %U" referer
LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common
CustomLog logs/access_log combined
SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0
SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
&lt;Directory /&gt;
Order Deny,Allow
Deny From all
&lt;/Directory&gt;
&lt;Directory /www/jkltest/profiles&gt;
Order Allow,Deny
Allow From all
Require valid-user
PasswdFile profiles/users
UserID %%SERVER%%
AuthType Basic
AuthName "JKL Employee Profiles"
&lt;/Directory&gt;
&lt;Directory /www/jkltest/htdocs&gt;
Order Allow,Deny
Allow From all
&lt;/Directory&gt;</pre>
</div>
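<p>The following Python sketch is an added example, not part of the IBM scenario or product. It parses the <tt>&lt;Directory&gt;</tt> blocks of the configuration shown above and reports, block by block, whether access is denied, password protected or open, and it flags a block in which only some of the authentication directives are present. The function names and verdict strings are this example's own, the sample is constructed from the listing above, and inheritance between directories is not modelled.</p>

```python
import re
# Constructed sample: the <Directory> blocks of the configuration file shown above.
CONFIG = """\
<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Directory /www/jkltest/profiles>
Order Allow,Deny
Allow From all
Require valid-user
PasswdFile profiles/users
UserID %%SERVER%%
AuthType Basic
AuthName "JKL Employee Profiles"
</Directory>
<Directory /www/jkltest/htdocs>
Order Allow,Deny
Allow From all
</Directory>
"""

AUTH = ("authtype", "authname", "passwdfile", "require")  # all four are needed

def parse_directories(text):
    """Map each <Directory> path to {lower-cased directive: [values]}."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if opened := re.fullmatch(r"<Directory\s+(.+?)\s*>", line, re.IGNORECASE):
            current = blocks.setdefault(opened.group(1).strip('"'), {})
        elif line.lower() == "</directory>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            current.setdefault(name.lower(), []).append(value.strip())
    return blocks

def classify(d):
    """Per-block verdict; inheritance from parent directories is not modelled."""
    missing = [name for name in AUTH if name not in d]
    if not missing:
        return "protected"
    if len(missing) < len(AUTH):
        return "incomplete-auth: missing " + ", ".join(missing)
    denied = "from all" in [v.lower() for v in d.get("deny", [])] and "allow" not in d
    return "denied" if denied else "open"

def audit(text):
    return {path: classify(d) for path, d in parse_directories(text).items()}
```

<p>For the sample, <tt>audit(CONFIG)</tt> reports <tt>/</tt> as denied, <tt>/www/jkltest/profiles</tt> as protected and <tt>/www/jkltest/htdocs</tt> as open. Removing <tt>Require valid-user</tt> from the protected block changes its verdict to incomplete-auth.</p>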
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiescenarios.htm" title="This topic provides information on how to use the IBM Web Administration for i5/OS interface to set up or manage your HTTP Server, step-by-step. Each task is specific and includes a usable HTTP Server configuration file when completed.">Scenarios for HTTP Server</a></div>
</div>
</div>
</body>
</html>