[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: Production error



This is a copy/paste from the HTTPAPI README:



GRANTING ORDINARY USERS PERMISSION TO RUN SSL APPLICATIONS
  Note: Some have reported that this procedure doesn't work.
        If it fails for you, see the next section.
---------------------------------------------------------------------
   1)  In order to give your users proper permissions to run apps
         that use HTTPAPI/SSL you should give them access to the
         *SYSTEM certificate store.

   2)  Open iSeries Navigator (or, Operations Navigator)

   3)  Click your iSeries connection, then "Users and Groups"

   4)  To grant access to a group profile, click "Groups"
       To grant access to an individual user, click "All Users"

   5)  Choose the user profile that you'd like to grant access to,
          right click on it, and choose "Properties"

   6)  Click the "Capabilities" button.

   7)  Select the "Applications" tab

   8)  Pull down the "Access for" list box, and select "host
          applications"

   9)  Expand the "Digital Certificate Manager" and check the
          box next to the "*SYSTEM certificate store"


GRANTING ORDINARY USERS PERMISSION TO RUN SSL APPLICATIONS
WHEN THE PRECEDING SECTION DIDN'T WORK
---------------------------------------------------------------------
Some have reported that the preceding instructions don't work,
because the user doesn't have access to the underlying files
in the IFS.  To solve that problem, grant authority as follows...
In this example, I'm giving a user named SCOTTK access to the
files.  (Change SCOTTK to the proper userid when you do it)

  CHGAUT OBJ('/') +
         USER(SCOTTK) DTAAUT(*RX)
  CHGAUT OBJ('/QIBM') +
         USER(SCOTTK) DTAAUT(*RX)
  CHGAUT OBJ('/QIBM/UserData') +
         USER(SCOTTK) DTAAUT(*RX)
  CHGAUT OBJ('/QIBM/UserData/ICSS') +
         USER(SCOTTK) DTAAUT(*RX)
  CHGAUT OBJ('/QIBM/UserData/ICSS/CERT') +
         USER(SCOTTK) DTAAUT(*RX)
  CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER')
         USER(SCOTTK) DTAAUT(*RX)
  CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER/DEFAULT.KDB')
         USER(SCOTTK) DTAAUT(*R)
  CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER/DEFAULT.RDB')
         USER(SCOTTK) DTAAUT(*R)

If you wish to give all users access to run SSL programs, then
you should change USER(SCOTTK) to USER(*PUBLIC).  You can also
use an AUTL if you like by specifying AUTL(your-autl) instead
of USER(your-user)

NOTE: Adopted authority does not work in the IFS.  Please
       grant permissions by the actual userid, not the adopted
       one.

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------