The PMDF security configuration file controls a number of aspects of authentication of incoming connections by servers such as the PMDF POP, IMAP, or SMTP servers, including what authentication source (password source) a server checks, what authentication mechanism (password verification mechanism) is used to check the authentication verifier (password), when SASL is being used what SASL mechanisms are available, and whether to automatically transition users from one authentication source or mechanism to another.
Currently supported authentication sources include the system password file, the PMDF password database, PMDF user profiles (profiles for PMDF MessageStore and PMDF popstore users), LDAP or X.500 directories, authentication via a remote POP server, and site-supplied routines for password checking. For instance, PMDF can be configured so that when a POP user connects they must issue their system password, or must issue their PMDF popstore password, or must issue their PMDF password database password.
Currently supported SASL authentication mechanisms include plaintext, APOP, CRAM-MD5, DIGEST-MD5, and anonymous access. For instance, PMDF can be configured to allow APOP authentication by POP clients, or can be configured to allow only CRAM-MD5 authentication by POP clients.
Different sorts of authentication control can be used for different sorts of connections; for instance, a site might want to use different authentication sources or SASL mechanisms for "internal" vs. "external" connections; see Section 14.3 below.
A general overview of the PMDF security configuration file, including specifying for which sorts of connections SASL authentication services are offered, can be found in Section 14.2.2; further details on authentication services such as the list of predefined authentication sources and how to define additional sources can be found in Section 14.2.3; a list of the predefined authentication mechanisms can be found in Section 14.2.4.