Re: WEB400 Digest, Vol 6, Issue 58

What does the HTTP error log show? The error may have nothing to do with the profile. Also, are you protecting things with Directory or Location containers? If you are using Directory containers, that's usually not what you want to do. If you look in the archives, you can find out why (and also plenty of examples using Location containers).

As far as #2 goes, that's bull. There is a set of programs that I had a hand in developing to manage them. You can download them from www.ignite400.org (they're in the code sample section). The HTTP server already knows how to handle validation lists. Validation lists also have one huge advantage over profiles: they aren't profiles! The reason this is an advantage is you can't sign on to the system using a validation list. This makes your web server much more secure since it eliminates one path for hackers to break in. Also, validation lists scale much better than user profiles and you don't have to deal with expiring passwords on user profiles (HTTP offers no way to reset passwords so you'd have to write custom code to handle that).

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of DSmith@xxxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, March 18, 2008 1:13 PM
To: web400@xxxxxxxxxxxx
Subject: Re: [WEB400] WEB400 Digest, Vol 6, Issue 58

1. The user profile is not already disabled when the user begins the
login process. I've used my login and acheived the same results.

2. Management doesn't want to add the overhead in development and
maintenance to use validation lists and programmatically controlled login.
(i.e. The boss said 'No')


Thanks anyway!

Don

==================================
Donald W. Smith
IBM Certified AS/400 Programmer/Analyst
Microsoft Certified Professional
Information Systems Department
City of Lancaster, Pennsylvania
(717) 291-4847
DSmith@xxxxxxxxxxxxxxxxxxxxx





date: Mon, 17 Mar 2008 17:03:42 -0400
from: "bryan dietz" <bdietz400@xxxxxxxxx>
subject: Re: [WEB400] Apache Server Login Issues

Is the iSeries user profile getting(already) disabled??

Maybe you should use validation lists in place of "real" profiles.

Bryan



On 3/17/08, DSmith@xxxxxxxxxxxxxxxxxxxxx <DSmith@xxxxxxxxxxxxxxxxxxxxx>
wrote:

Hey All!

I am having an issue when I try to go to a website we have hosted on our
iSeries Apache Server. The httpd.conf is set so that it requires the

user

to login, which checks the user id and password entered by the user
against the user profile on the iSeries. If the user has a profile and
the login credentials are correct, it should allow the user to proceed

to

the index page. However, it repeatedly asks for the login credentials,
and it wipes out the password after the second time. Sometimes it lets
the user in after three tries, sometimes it takes four or five or more.
The more attempts that are taken, the higher the chance that it will
disable the user profile on the iSeries. Nothing is really consistent
with what happens, it varies from user to user and login to login. I am
absolutely certain that the correct user id & password are being

provided

for login. What I'm not certain of is why this is happening. Anyone

out

there have any ideas?

Thanks in Advance,

Don

==================================
Donald W. Smith
IBM Certified AS/400 Programmer/Analyst
Microsoft Certified Professional
Information Systems Department
City of Lancaster, Pennsylvania
(717) 291-4847
DSmith@xxxxxxxxxxxxxxxxxxxxx