PMDF System Manager's Guide
Connection Authentication, SASL, and Password Management
This chapter discusses connection authentication and password source
control, including SASL support, the POPPASSD server (supporting the
ad-hoc password changing mechanism used by, for instance, Eudora), and
the PMDF password database.
PMDF's authentication control facilities include:
- Support for SASL (Simple Authentication and Security Layer---see
RFC 2222, footnote 1)---a means for controlling the mechanisms by which
POP, IMAP or SMTP clients identify themselves to the respective server.
PMDF's support for SMTP SASL use complies with RFC 2554 (ESMTP AUTH).
- Support for various authentication sources (password sources),
regardless of whether the client supports or uses SASL.
- Support for automatically transitioning users between different
authentication sources and mechanisms.
- Support for translating between "external usernames"
(what the user types into their client as the username) and
"internal usernames" (the name of the underlying account on
the PMDF system), as well as support for virtual domains.
- Support for fetching auxiliary properties during authentication.
These facilities are controlled by the PMDF security configuration
file, discussed below in Section 14.2, by special entries in the
PORT_ACCESS mapping table, discussed below in Section 14.3, and by
TCP/IP channel configuration choices (in the case of SASL use over
SMTP), discussed below in Section 14.4.
1 A copy of RFC 2222 can be found in
pmdf_root:[doc.rfc] (OpenVMS) or
/pmdf/doc/rfc/ (UNIX) or