If the CGI program is covered by a protection directive that calls for basic
authentication, the user must supply a user ID and password before the CGI
program is allowed to run. The other protection subdirectives determine the
following:
vHow the server validates the user ID and password
vWhat security environment the CGI program runs in
The subdirectives might tell the browser to treat the user ID as an AS/400 user
profile and to validate the password against it. In addition, the Userid subdirective
might be used to cause the server job to run under a specified AS/400 user profile
or the one the user entered. The following example protection setup would cause
the user ID to be treated as an AS/400 user profile, and to switch to that profile
when starting the CGI program:
Protection example1 {
AuthType Basic
Userid %%CLIENT%%
PasswdFile %%SYSTEM%%
}
If Userid %%SERVER%% had been specified, the CGI program will run under the
QTMHHTP1 user profile. If Userid FRED had been specified, the CGI program
would run under the FRED user profile.
Alternatively, the PasswdFile subdirective can identify a validation list. For
example:
PasswdFile qgpl/valist1
Validation lists contain a set of user IDs, their associated password, and optionally
other application-specific information. In this example, the server would
authenticate the user by comparing the specified user ID and password against the
specified validation list. If the user ID exists in the validation list and the password
matches, the CGI program would run under the QTMHHTP1 user profile.
Validation lists can be created through the CRTVLDLcommand. CGI or other
programs can add, remove, find, or change entries through a set of APIs
documented in the programming topic in the AS/400 Information Center. By using
validation lists, the CGI program can “register”users and associate other
information with each entry while at the same time using the basic authentication
functions of the HTTP server to authenticate requests.
88 WebProgramming Guide V4R5