PMDF System Manager's Guide

When a user creates or modifies their personal mailbox filter, the user must authenticate himself.

When the PMDF manager creates or modifies a channel level filter or the system wide filter, the manager must authenticate with the PMDF server account⁴ password and as the "address" @channel-host-name where channel-host-name is the official host name of the channel in question for a channel level filter, or as the "address" @ for the system filter file. For instance, on a system with official local host name example.com, the PMDF manager would authenticate using the "address" @example.com---the @ character followed by the host name with no username---for a channel level filter, or would authenticate using the "address" @---the at sign character alone, with no username or host name---for a system level filter.

The PMDF security configuration controls just what source of authentication material this authentication will be performed against, e.g., PMDF user profile password (PMDF popstore or PMDF MessageStore user profile), PMDF password database password, system password file password, etc.; see Section 14.2. For mailbox filter connections handled by the DEFAULT security rule set of PMDF's implicit security configuration, authentication will be performed preferentially against the PMDF user profile, if the user has a PMDF user profile entry, if not then against the PMDF password database, if the user has an entry in it, and finally, only if the user has neither sort of entry, against the system password file.

In the particular case when authentication is performed against the PMDF password database, note that PMDF will check just which channel a user matches in order to decide which of the user's (possible multiple) PMDF password database entries to compare against. For a user matching a msgstore channel, the mailbox filter query will preferentially use the user's /SERVICE=IMAP entry, but if such an entry does not exist will fall through to the user's /SERVICE=DEFAULT entry. For a user matching a popstore channel, the mailbox filter query will preferentially use the user's POP service-specific entry in the password database, but if such an entry does not exist will fall through to the user's DEFAULT entry in the password database. For a user matching the local channel, the mailbox filter query will use the user's DEFAULT entry. See Section 14.7 for an additional discussion of the PMDF password database.