Understanding the Web Server and IBM i User Profiles

Installing LANSA on IBM i

Understanding the Web Server and IBM i User Profiles

Under full authentication, the Web Server will not permit you to access an application unless you provide a valid profile. If a valid profile is provided, then LANSA for the Web is invoked. The Web Server user profile is specific to the Web Server. It is not an IBM i user profile. The Web profiles are created as part of a Web Server validation list. Users are not entering IBM i user profiles over the Internet.

For process level authentication, LANSA for the Web checks if the Web Server user profile is a registered LANSA for the Web user. If the user is known to LANSA for the Web, an associated IBM i user profile is used to execute LANSA at the IBM i. LANSA for the Web will map the Web Server (external Internet profile) onto to a real IBM i (internal) user profile. This IBM i user profile will be used to determine the access rights to IBM i objects.

If the Web Server user profile is not registered with LANSA for the Web, the user will still be allowed to use LANSA for the Web, provided that there is an anonymous user registered. This means that LANSA for the Web will use the default user profile on the IBM i to determine the user's access rights to the IBM i objects. The default user profile should always have minimum authority to the IBM i and LANSA.

Note that once the user has been authenticated by the Web Server, the profile will persist throughout the life of the browser. This means that subsequent requests to LANSA for the Web will use the same user profile, irrespective of whether or not the LANSA process requires user authentication.

Note: You should NOT use the same user profiles and passwords throughout your system. If an individual learns your Internet userid and password, they would be able to access that particular Internet application. They would be able to use Telnet and log on to your IBM i!