IBM HTTP Server provides for Apache Basic Authentication using IBM i user profiles. When Basic Authentication is used in this way, the FastCGI child job running under Apache assumes the user profile of the requester, replacing the default QTMHHTTP profile for the duration of the request. This can cause a fatal error for any Apache request if the user does not have authority to write to the Apache logs. This can also cause a fatal error for PHP requests if the user does not have authority to the FastCGI socket. This article tells how to assign permissions to the *PUBLIC user to prevent these errors.
Zend server for IBM i version 6 or higher, running on any supported version of IBM i, using IBM i user profiles for Basic Authentication.
The following article tells how to set up Basic Authentication with User Profiles:
Make sure *PUBLIC can write to the Apache log files. From a 5250 command line, logged in with a *SECOFR class user profile:
To grant permissions for a specific user, just use the user profile name instead of *PUBLIC in the above command.
Make sure *PUBLIC can update the FastCGI socket:
Please back up this file, and then edit it:
At the end of the file, add this line:
Save the file and restart Apache for the change to take effect.
For IBM i versions prior to 7.2, PTFs are required for this setting to have an effect. The PTFs have been out for quite some time, so most customers are likely to have them. Here is a list of the required PTFs:
Release 57**DG1 PTF 57**SS1 PASE PTF
i 5.4 SI41577, SI41688 SI41324
i 6.1 SI41253, SI41704 SI41326
i 7.1 SI41367, SI41706 SI41325
Here is a simple script you can run that demonstrates how to retrieve the user profile and password in a PHP script. (This also demonstrates that it is a really good idea to use SSL when using Basic Authentication.) Call this script something like authinfo.php and place it in the document root for your Basic Authenticated virtual host. When you access it in your browser, enter the user profile you would like to test in the prompt. If it is all working, you will see your user profile and password displayed in the browser.