[z/OS]

Authenticating with SAF on IBM HTTP Server (z/OS systems)

You can authenticate to the IBM HTTP Server on z/OS using HTTP basic authentication or client certificates with the System Authorization Facility (SAF) security product. Use SAF authentication for verification of user IDs and passwords or certificates.

Before you begin

In order to enable the SAF authentication function, add a LoadModule directive to the IBM HTTP Server httpd.conf file as follows:
LoadModule auth_saf_module modules/mod_auth_saf.so

About this task

SAF authentication is provided by the mod_auth_saf module. The mod_auth_saf module allows the use of HTTP basic authentication or client certificates to restrict access by looking up users, groups, and SSL client certificates in SAF. This module also allows you to switch the thread from the server ID to another ID prior to responding to the request by using the SAFRunAS directive.

See SAF directives to obtain detailed descriptions of the SAF authorization directives for use with IBM HTTP Server.

Procedure

  1. If you are using SAFRunAs, permit the IBM HTTP Server userid to the BPX.SERVER FACILITY class profile in RACF, and provide the target userid with an OMVS segment.
  2. Determine the directory location you want to limit access to. For example: <Location "/admin-bin">.
  3. Add directives in httpd.conf to the directory location (container) to be protected with values specific to your environment. For example:
    • AuthName "Title of your protected Realm"
    • AuthType Basic
    • AuthSAF on
    • AuthSAFAuthoritative on
    • SAFRequire on
    • Require valid-user
    • SAFRunAs %%CLIENT%%
    • AuthSAFExpiration "EXPIRED PW: oldpw/newpw/newpw"
    • AuthSAFReEnter "New PW again:"



Subtopics
SAF directives
Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 6:08:30 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=ihs-dist&topic=tihs_safconfigz
File name: tihs_safconfigz.html