Web Server--Authenticating Web Browser Users

	Select where you want to go:

System Administrator Tasks - Advanced

Serving Files Using Alias Names

Serving Files from Logical Directories

	On a Minidisk
	On an SFS Directory
	On a BFS Directory
	When Using CMS Search Order

Serving CGI Programs

Dynamically Including Information in Files

Creating Clickable Images

Filtering Static Files

Summary of Setting Up Access Control

Determining How to Control Access

	Authenticating Web Browser Users
	Determining Group Membership

Setting Up Access Control for the Server Root Domain

Setting Up Access Control for All User Pages

Analyzing Your Server Log

Authenticating Web Browser Users

Summary of Steps | Steps in Detail

Summary of Steps

Place a REALM (if required) and a PASSWORD access control record in a DIRMAP or ACCESS file to specify how you want VM:Webgateway to authenticate a web browser user.
Place one or more WHEN access control records in a DIRMAP or ACCESS file to cause VM:Webgateway to authenticate a web browser user.

Steps in Detail

Place a REALM (if necessary) and a PASSWORD access con trol record in a DIRMAP or ACCESS file to specify how you want VM:Webgateway to authenticate a web browser user.
The REALM record specifies the prompt you want to display when issuing a userid-password authentication challenge. Do not supply a REALM record if you choose to authenticate users with their client certificates.

The PASSWORD record specifies the method VM:Webgateway should use to authenticate browser users. VM:Webgateway can authenticate browser users using one of the following methods:

VM userids and passwords
Specify VMDIR on the PASSWORD record.

Site-assigned userids and passwords
Specify the name and location of the file that contains the userids and passwords on the PASSWORD record. A site can set up more than one password file. However, you can use only one password file for each URL.

Client certificates
Specify CLIENTCERTIFICATE on the PASSWORD record.

Site-written user exit
Specify the name of the user exit on the PASSWORD record. A site can set up more than one password user exit. However, you can use only one password user exit for each URL.

VM:Webgateway allows only one method of authentication for each URL. If VM:Webgateway evaluates a PASSWORD record in a DIRMAP or ACCESS file, and then encounters a subsequent PASSWORD record that specifies a different method of authentication, it will issue an error.
Place one or more of the following access control records in a DIRMAP or ACCESS file to cause VM:Webgateway to authenticate a web browser user:
- WHEN USER
- WHEN GROUP
- WHEN SYSADMIN
- WHEN SYSOPER
- WHEN CCERTKNOWN
- WHEN CCERTEMAIL
- WHEN CCERTCOUNTRY
- WHEN CCERTSTATE
- WHEN CCERTLOCALITY
- WHEN CCERTORG
- WHEN CCERTORGUNIT
- WHEN CCERTCOMMONNAME
- WHEN CCERTDISTINGUISHEDNAME
- WHEN USEREXIT with one or more of the following parameters: ALLOWED, CCERTCOMMONNAME, CCERTCOUNTRY, CCERTDISTINGUISHEDNAME, CCERTEMAIL, CCERTKNOWN, CCERTLOCALITY, CCERTORG, CCERTORGUNIT, CCERTSTATE, CNAME, CNAMEKNOWN, FILEDOMAIN, GROUPS, IP, METHOD, REFERRER, SYSADMIN, SYSOPER, and USER
Based on the placement of the WHEN access control records, you can:


				Select where you want to go: