IBM i > Administrator > Security

Secure Your IBM i Server

 

Most of the time, you’ll want several people to have access to a resource on IBM i. You want to be able to define a group of people that has access to that resource, and then manage that group—adding and removing members, without having to edit the server configuration file and restart Apache each time.

This is possible by using authentication groups. An authentication group is a group name associated with a list of members. This list is stored in a group file, which should be stored in the same location as the password file, so you can better keep manage the information.

The format of the group file is exceedingly simple. A group name appears first on a line, followed by a colon, and then a list of the members of the group separated by spaces. For example:

authors: pigm richard james 

The group file APIs are one set of standard APIs for HTTP Servers, which are independent of HTTP Server type.

The group file APIs are in *SRVPGM QZHBCONF in library QHTTPSVR. ILE C programs must include header file QHTTPSVR/H(QZHBCONF). For example, you can add #include in your C programs.

In this article, I’ll cover only how to use these APIs, especially focusing on key concepts in the group file APIs. As to API usage specifications, please refer to Group file APIs in the IBM i Info Center.

Important Concepts

Group file APIs have three important concepts: Group List, Group and User. Let’s explore each one.

Group List. Group List represents a data structure that can be viewed as a list of group entries (See Group section for more details). The format of a group list is like this:

<pre class=code>
<group entry1>
<group entry2>
…
<group entryN>
</pre> 

 

Tweet