JKL Inc. adds password protection for HTTP Server

 

 

+

Search Tips   |   Advanced Search

 

 

Scenario

The JKL Inc. (a fictitious company) wants to protect a set of Web pages on its Web site so that they can only be viewed by visitors that have a password. In order to add password protection, JKL needs to decide what type of authentication method to use:

Internet user Requires an entry in a validation list.
User profile Requires an i5/OS™ server user profile.
LDAP Requires an LDAP server.

JKL Inc. chooses to use Internet users for the following reasons:

The Web page content to be protected is in the preexisting directory...

/www/jkltest/profiles/

The visitor's user name and passwords will be stored in a new validation list called users in library PROFILES. The first user name that we will enter is sjones with a password of dragon102.

 

Prerequisites

 

Create a library for validation lists on your iSeries

Skip the following steps if you will be using an existing library on your iSeries for your validation list.

  1. Start a 5250 session on your iSeries.

  2. Enter CRTLIB on the command line.

  3. Type the F4 key to prompt for additional parameters.

  4. Enter a name for your library in the Library field.

    Example: PROFILES

  5. Optional: Edit the remaining fields as necessary or accept the default values.

  6. Type the Enter key (or equivalent) to create your library.

Make sure the proper authorities and restrictions you want on the library are active before continuing.

 

Start the IBM Web Administration for i5/OS interface

Enter your Webmaster user profile username and password when prompted.

  1. Start a Web browser.

  2. Enter http://[iSeries_hostname]:2001 in the location or URL field .

    Example: http://jkl_server:2001

    If you have changed your port number for the Web Administration for i5/OS interface, replace port 2001 with your port number.

  3. Click IBM® HTTP Server for iSeries.

If the Web Administration for i5/OS interface does not start, see Installing and testing the HTTP Server.

 

Set up password protection for a directory on HTTP Server (powered by Apache)

  1. Click...

    Manage | HTTP Servers | HTTP_Server

  2. Select Directory...

    /www/[server_name]/[new_directory]/
    from the Server area list.

    Example: /www/jkltest/profiles/

    The new directory was created with the JKL Inc. adds a new directory to HTTP Server (powered by Apache) scenario.

  3. Expand Server Properties.

  4. Click Security.

  5. Click the Authentication tab in the form.

  6. Select Use Internet users in validation lists.

  7. Enter a descriptive name in the Authentication name or realm field.

    Example: JKL Employee Profiles

    When users attempt to access a password protected resource, they are challenged for a username and password. The Authentication name or realm value is displayed in the login window, and should provide information regarding the resource the user is attempting to access.

  8. Click Add under Validation lists table.

  9. Enter [library]/[validation_list_name].

    Example: profiles/users

    In the above example, profiles is the name of the iSeries library and users is the name of the validation list.

  10. Click Continue.

  11. Select Default server profile from the OS/400® user profile to process requests list under Related information. When selected, the value %%SERVER%% will be placed in the field.

  12. Click Apply.

  13. Click the Control Access tab in the form.

  14. Select All authenticated users (valid user name and password) under Control access based on who is making the requests.

  15. Click OK.

 

Create a validation list for HTTP Server (powered by Apache)

  1. Click the Advanced tab.

  2. Click the Internet Users and Groups subtab.

  3. Expand Internet Users and Groups.

  4. Click Add Internet User.

  5. Enter [username] into the User name field.

    Example: sjones

  6. Enter [password] into the Password field.

    Example: dragon102

  7. Enter the same password in the Confirm password field.

  8. Optional: Enter comments for this Internet user.

  9. Enter [library]/[validation_list_name] in the Validation list field.

    Example: profiles/users

    In the above example, profiles is the name of the library and users is the name of the validation list.

  10. Click Apply.

 

Restart your HTTP Server (powered by Apache)

Select one of the following methods below:

Manage one server

  1. Click the Manage tab.

  2. Click the HTTP Servers subtab.

  3. Select your HTTP Server from the Server list.

  4. Click the Stop icon if the server is running.

  5. Click the Start icon.

Manage all servers

  1. Click the Manage tab.

  2. Click the HTTP Servers subtab.

  3. Select All Servers from the Server list.

  4. Click the All HTTP Servers tab.

  5. Select your HTTP Server name in the table.

    Example: JKLTEST

  6. Click Stop if the server is running.

  7. Click Start.

If your HTTP Server (powered by Apache) does not start, see Troubleshooting.

 

Test your HTTP Server (powered by Apache)

  1. Open a new Web browser.

  2. Enter http://[iSeries_hostname]:[port]/[new_directory_alias]/in the location or URL field.

    Example: http://jkl_server:1975/profiles/

  3. Enter the username and password you created.

You will be asked to provide a valid username and password. Enter the username and password you entered in the validation list. It is suggested you limit *PUBLIC authority, but allow authority to the Web administrator user authority and QTMHHTTP.

 

View your HTTP Server (powered by Apache) configuration

Your configuration will look similar if you used the given example in this and previous examples.

  1. Click the Manage tab.

  2. Click the HTTP Servers subtab.

  3. Select your HTTP Server (powered by Apache) from the Server list.

    Example: JKLTEST

  4. Expand Tools.

  5. Click Display Configuration File.
Alias /profiles/ /www/jkltest/profiles/
Listen *:1975
DocumentRoot /www/jkltest/htdocs ServerRoot /www/jkltest Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{Cookie}n \"%r\" %t" cookie LogFormat "%{User-agent}i" agent LogFormat "%{Referer}i -> %U" referer LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog logs/access_log combined SetEnvIf "User-Agent" "Mozilla/2" nokeepalive SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0
SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
<Directory />
	Order Deny,Allow 	Deny From all </Directory>
<Directory /www/jkltest/profiles>
	Order Allow,Deny 	Allow From all 	Require valid-user 	PasswdFile profiles/users 	UserID %%SERVER%%
	AuthType Basic 	AuthName "JKL Employee Profiles"
</Directory>
<Directory /www/jkltest/htdocs>
	Order Allow,Deny 	Allow From all </Directory>

 

Parent topic:

Scenarios for HTTP Server