This article is now available in our new knowledge base: Apache - PASE Authentication, Authorization and Access Control
[ Zend Core V2.x ]
[ IBM System i ]
This is the main Apache Server Configuration file, It contains the configuration directives that give the server its instructions (powered by Apache)..
The PASE apache server for IBM System i includes a rich collection of enhancements and features for a secure connection and a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing.
- Authentication is the process by which you verify a user's identity through some sort of credentials. (userid/password, DCM, Voice recognition, fingerprinting etc.).
- Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.
- Access Control is a set of policies that define who can access your data, and resources, what kind of authority granted and actions allowed to perform.
- htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users. If htpasswd cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes.
Protecting PASE apache content with basic authentication
There are two configuration steps which you must complete in order to protect a resource using basic apache PASE authentication, grouping alike users depending on what you are trying to do.
- Create a password file From an i5/OS command line:
- CALL QP2TERM run the following commands from the terminal shell
- cd /usr/local/zend/apache2/bin the command htpasswd located in the bin directory.
-c /password_file userid -- (created in the root directory) Choose your directory for the password file
- htpasswd -b /password_file userid userpasswrd -- Add user and passwords to the password file
- Set the PASE apache configuration to use this password file:
- WRKLNK /usr/local/zend/apache2/conf
- Identify the PASE apache directive
- Optionally, create a Group File From an i5 command line:
- EDTF STMF('/mydir/mygroupfile')
- File structure - GroupName: userid1 userid2 userid3
For more information on i5/OS commands see IBM Information Center (links below)
You have information on your web site that is sensitive or intended for only a small group of people, the techniques in this article will help you make sure that only users with proper credentials will have access to the information.
Excerpt: Apache - PASE Authentication, Authorization and Access Control
Original Post Date: 2009-10-23 14:09:15
Apache - PASE Authentication, Authorization and Access Control