PMDF System Manager's Guide


Previous Next Contents Index

14.2 The PMDF Security Configuration file

The PMDF security configuration file controls a number of aspects of authentication of incoming connections by servers such as the PMDF POP, IMAP, or SMTP servers, including what authentication source (password source) a server checks, what authentication mechanism (password verification mechanism) is used to check the authentication verifier (password), when SASL is being used what SASL mechanisms are available, and whether to automatically transition users from one authentication source or mechanism to another.

The security configuration file also controls some aspects of authentication for outgoing connections by clients such as the TCP/IP SMTP channel client, such as specifying usernames and passwords for authenticating to a remote server, and what SASL mechanisms to use.

Currently supported authentication sources include the system password file, the PMDF password database, PMDF user profiles (profiles for PMDF MessageStore and PMDF popstore users), LDAP or X.500 directories, authentication via a remote POP server, and site-supplied routines for password checking. For instance, PMDF can be configured so that when a POP user connects they must issue their system password, or must issue their PMDF popstore password, or must issue their PMDF password database password.

Currently supported SASL authentication mechanisms include plaintext, APOP, CRAM-MD5, DIGEST-MD5, and anonymous access. For instance, PMDF can be configured to allow APOP authentication by POP clients, or can be configured to allow only CRAM-MD5 authentication by POP clients.

Different sorts of authentication control can be used for different sorts of connections; for instance, a site might want to use different authentication sources or SASL mechanisms for "internal" vs. "external" connections; see Section 14.3 below.

A general overview of the PMDF security configuration file, including specifying for which sorts of connections SASL authentication services are offered, can be found in Section 14.2.2; further details on authentication services such as the list of predefined authentication sources and how to define additional sources can be found in Section 14.2.3; a list of the predefined authentication mechanisms can be found in Section 14.2.4.


Previous Next Contents Index