Apache - IBM HTTP Server Authentication using i5/OS user profiles

Applies To:

[ Zend Core V2.x ]
[ IBM System i ]

Overview

IBM HTTP Server for System i includes the IBM HTTP Server (powered by Apache).

The IBM HTTP Server for System i includes a rich collection of enhancements and features for a secure connection and a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing.

Instructions

Authentication using i5/OS user profiles

iSeries i5/OS user profiles can be used for authentication. The advantage of this implementation is that is does not require you to perform additional configuration steps or to maintain a separate user database.
User profiles with limited capabilities and no sign on access, and *SECOFR class users (although this practice is highly discouraged), can be used for this purpose.

Note

Access validation through i5/OS user profiles is the simplest and under certain circumstances, least secure way to restrict access to your data. While acceptable in non-critical environments, we do not recommend this kind of authentication alone on public networks such as the Internet, where its simple Base64 encoding and the use of actual user profiles and passwords can compromise the security of your system.
A good choice for protecting your data is to use data encryption with SSL and TLS.

IBM HTTP Apache reverse proxy allows URL forwarding to PASE Apache based on directory configuration in IBM HTTP Apache httpd.conf. This allows for multiple PASE Apaches to be added by simply adding a new directory.

The easiest way to manage the IBM HTTP Apache is through IBM Web Administration for iSeries also known as *ADMIN server running on port 2001. (i5_Server_IP:2001)

IBM HTTP Reverse Proxy Server (default apache PORT 89)

# Configuration originally created by Create HTTP Server wizard on Fri Jan 19 13:56:31 EET 2007
LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_connect_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_ftp_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
Listen *:89
DocumentRoot /www/zendcore/htdocs
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Cookie}n \"%r\" %t" cookie
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log combined
LogMaint logs/access_log 7 0
LogMaint logs/error_log 7
NameVirtualHost 10.1.1.47:89
SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0
SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
<Directory />
   Order Deny,Allow
   Deny From all
</Directory>
<VirtualHost 10.1.1.47:89>
   ServerName ZendVH.com
   DocumentRoot /www/zendcore/htdocs
   ProxyReverse On
   ProxyPass / http://127.0.0.1:8000/
   ProxyPassReverse / http://127.0.0.1:8000/
   <Directory /www/zendcore/htdocs>
      Order Allow,Deny
      Allow From all
   </Directory>
<Location />
ProfileToken On
AuthType Basic
AuthName "i5/OS User Profile"
Require valid-user
PasswdFile %%SYSTEM%%
order deny,allow
Allow from all
</Location>
</VirtualHost

Result

IBM HTTP Server for System i secure connection relaying on the system user profiles feature and a Web Administration for i5/OS that provides a full function GUI interface for configuring and managing many Web technologies, With IBM HTTP Server for i you can quickly and easily establish a Web presence and get started on the road to working the Web for business.

Excerpt: Apache - IBM HTTP Server Authentication using i5/OS user profiles

Original Post Date: 2009-04-08 13:41:55

External Links:

http://www-03.ibm.com/systems/i/software/http/index.html

Alternative Description: