PMDF System Manager's Guide

The client_auth, maysasl, maysaslclient, maysaslserver, mustsasl, mustsaslclient, mustsaslserver, nosasl, nosaslclient, nosaslserver, saslswitchchannel, and nosaslswitchchannel channel keywords are used to configure SASL use, specifically the use of the AUTH command, during the SMTP protocol by SMTP based channels such as TCP/IP channels. nosasl is the default, and means that SASL authentication will not be permitted (by the server) or attempted (by the client). It subsumes both nosaslserver and nosaslclient. Specifying maysaslserver causes the SMTP server to permit clients to attempt to use SASL authentication. Specifying maysaslclient causes the SMTP server to attempt to use SASL authentication. maysasl subsumes both maysaslserver and maysaslclient. Specifying mustsaslserver causes the SMTP server to insist that clients use SASL authentication; the SMTP server will not accept messages unless the remote client successfully authenticates. Specifying mustsaslclient causes the SMTP client to use SASL authentication, and it will refuse to continue with the SMTP connection if it cannot successfully authenticate. mustsasl subsumes both mustsaslserver and mustsaslclient. The saslswitchchannel keyword is used to cause incoming connections to be switched to a specified channel upon a client's successful SASL use. It takes a required value, specifying the channel to which to switch. nosaslswitchchannel is the default, and means that channel switching is not performed upon a client's successful SASL use. The client_auth keyword is used for client-side SASL authentication to tell the TCP/IP channel which CLIENT_AUTH section of the security.cnf file to read to get the username and password to use to authenticate to the remote system. If this option is not specified, the DEFAULT CLIENT_AUTH section is used.

See Section 14.4 for further discussion and examples of use of these channel keywords.