Validation list objects
Validation list objects provide a method for applications to securely store user authentication information.
- Securely store user authentication information for applications.
- Provide an authorization mechanism for users who do not have and do not need an IBM i user profile, such as internet users.
Validation list objects provide a method for applications to securely store user authentication information.
For example, the Internet Connection Server (ICS) uses validation lists to carry out the concept of an internet user. Validation lists allow ICS to perform basic authentication before a web page is served. Basic authentication requires users to provide some type of authentication information, such as a password, PIN, or account number. The name of the user and the authentication information can be stored securely in a validation list. The ICS can use the information from the validation list rather than require all users of the ICS to have a system user ID and password.
An internet user can be permitted or denied access to the system from the web server. The user, however, has no authority to any system resources or authority to sign-on or run jobs. A system user profile is never created for the internet users.
Validation list objects are available for all applications to use. For example, if an application requires a password, the application passwords can be stored in a validation list object rather than a database file. The application can use the validation list APIs to verify user passwords, which are encrypted, rather than the application performing the verification itself.